last executing test programs:

26.630394219s ago: executing program 3 (id=2074):
unshare(0x22020600)
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f0000003540)=[{{&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000080)="93", 0x1}, {&(0x7f0000002400)="9917b1ad3d06a27855d01141e914353e8c663ed1065e32301b8acd1815ed897020c9092fe19ef95bd3c69397d675e3c19835f4c930a9bcbd49c4d872b7679a32e22015d7df39001b2d750fe2484101ef67cb628910e4cde2d8285b9017f55e84b67b72840813a8d080b71200f197d5b65f243ac4ac17d0cba3d08c98ceedf43365fc78aa0f52585ef7d8d525c049e1ae193a110f2dcfce4e6114b15de04b2720d6bd946506004cf479e742dcf73534e370150d97a55b559b5a1bedbc9290cbcac428f960e016fb88cfc21d86da2974ec3f2632992a27a4e5864623e05722eb07d27139b45171ec0cefa44e98f05dd4ff957056265edbacd81a611e4dfacb2b4879517e00c52e84728b1de1193bc88e509860ff143fc216c5100c41667a3ba5b157db616145a6d5ddb592e6b9589cdc93e3e8ef63da3cb4033d9f676cec3dcbb003ae54940e30203e1dc7b939c9c32029ad645b46ee269892e7a786bd36c2f7d962aad3b8d6e9d946adfa984a52cf7d35c5b2f492ab267c1ca948a5c0323d628364a612004c1c7feb2671a984f4dc05330a968e4b8cbe9200f111597c8ecc7ea7681ec281e168edbadc83d98de2b0dda7b187f509e487d63300932f3c76a1b66b4e01dffb07b4c80b5f5273a84b3cb0732b691738bba87517d53cf2b88b481cb325b8b912f54cee9d2546f2fdb96931bda2821eb66554abd4a21a8281c3c461df633a97f5cb3cf924fb324782399df0dc72d18d22b320e605dddf1123417dffc6452835a63fca230fbb002fd9c204b0819c56c4ce398423518b59dc8220bbf0c8b66f54c8009f1170f4c5582bfc703938bdf4d88ffe3eb87f4d2a62d442bb08ba405e11984c919fed63f9e86fd16c00843fa07cd9170919f4d07a12ad38db3f9effcfe1d631a48150e33ce07b3516fefab9587043a908dac8b0ffe361ec8e0fe7531f6d6d858cdabf7600f3a2bd90bce672cba7d366ae4ac6e33813f18340349422230cfe1d8c5757eb139321d44b57159089c68c13d7806cdbebeb42953f6f1670a313278a13076defab61b2016cf636ed37c7e7e1c49a4fb1d6a3d249e189087b37e724b6b24824bce4f77ab6f8a8d2f571d23c5120d75440e8eeda120467b5046b316e39aea9b6c7fa65eb4db56a3fed78c25fcde3afa956dee186fcad0b83f3d50a153f269113f5d9f1ccdff5ba86390c95b3a4ac782cd1121253f728b9b28a3cf59ebd82b0439d2f439e9cd00ca11a3f73515b6256b0faa56063ab761d5860a002c27fede7ce87b6336a4a146f2286ee32bb12e5a8bef04ba8cdb901c602a80eec7e74c947f88f6939ad240db8bc4baf655b941d1fc166fcbd2a64b5691e9145847ebc3ff5f8c07b8265c00176fa4617b6b7249aa801a090d4c65e36cfbbbca28913a892c3a7dd856fdf1f9a7279acfeee9fe51d14f87e4928f07f80145f54afb9a94fce7e76d38b64858327883b8f7141ccac8de649b7eb216d1b6c63f6d4d56dd9f11a2b36a6b3913917c378931e1ba3ec16aec67ef2bab2f1336a6990f7a78ab8acbc81d4ef49dc9bf02e6bae05118c706aeafa332e785ab59140d41ec0d00261ef9dd1735e19954cf1e8042b84185fa8bea4878e22ae53841b9c9752c950e5b21c7e7212b0297f22675cf8baae246e3c46a33e7228633954253add2592dbb7335b24569c834977a53ef23a84f7819deabd2c499422f23e7b682dc7f81b5d47b2ed330b83bb4f6c8f976539a8bf0d1f9b88d534c672d329ba41009f75c928ede7", 0x4e4}], 0x2}}, {{&(0x7f0000000740)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000001a40)=[{&(0x7f0000000780)="e4", 0x1}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x7, 0x0, 0x0)
ppoll(&(0x7f00000008c0)=[{r0}], 0x1, 0x0, 0x0, 0x0)

25.658212309s ago: executing program 3 (id=2075):
syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000280)='./file0\x00', 0x2008410, &(0x7f0000000500)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000073f87b541eba830bacf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ac6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c84268030000000000000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRES16], 0x1, 0x554f, &(0x7f0000001e00)="$eJzs3EtvG1UbAOBjJ2m/Xr8IsWDXkSqkRKqtOm0q2AVoxUWkirgsWIFjO5Zb2xPFjhOyQoIlYsE/QSCxYslvYMGaHWIBYocE8pwTIJRLKjtJmz6PNH5nzhy/c87EivWORxOAJ9Z89vOPpXA5nAshzIQQLpZCsV5KS2ElhmdCCFdCCOU/LaXU/nvDmRDC+RDC5XHymLOUdn16bXR1+YfXfvrqm7OzFz778tuTmzVw0p4NIfQ24/pOL8a8HeO91F4fdYrYuzlKMe7o3U/beYw7rfUiw059v1+9iDfasX++uT0Yx41uvTGO7c5G0b7ZjwccjNr7eYo33KtvFdvN1noRO4O8iO29OK7dvfi/bW8wjHmaKd/7RfowHO7H2N7abcX5bN4vYqM/TO0xb95s7Y7jKMV0uNDIu81iHOuTnOlH2+ud/vZuNmptDTp5P1uu1p6r1m5Valt5szVs3azUe81bN7OFdnfcrTJs1Xsr7Txvd1vVRt5bzBbajUalVssWbrfWO/V+VqtVb1SvV5YX09q17OW7b2fdZrYwji92+ttnOt1BtpFvZfEdi9lS9cbzi9nVWvbm6lq29sadO6trb717+527L6y++lLq9MCwsoWl60tLldr1ylJt8QjmP5t2Hnb+4+/dQ85/OMn8P0rjeoj5lyY7PfDvfMAAHtoD9X9Q/wNH73Gv/8M06/9xSaX+/+/6vzx5/T9R/Xtc9f8RXv941OYPE1H/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8sb6b+/yVYmU+bl9I7ZdS01NpuxRCKIcQfv0bM+HMgZwzKc/cP/Sf+8sYvi6FIsP4GGfTcj6EsJKWX/5/1GcBAAAATq8vPrjySazW48v8SQ+I4xQv2pQvvjelfKUQwtz891PKVh6/PD2lZMXnezbsTilbcQHrf1NKFi+5zU4r26HM7IcPL/3RWEyoFEM5pD8oAABweswcCMdbhQAAAHCcPj7pAXAyip/30r346Qb+szGknzbPHdgHAAAAPIbc3gsAAACnX1H/e/4fAAAAnG7x+X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwGzt3c6M2EMcB9G8bA/lSUJR7WskNykgJOeYYKCBNUAJpIQ1QA7ltCStYYY+QvDLSSozXWvSe5DEzRr+ZAV9mLBkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjS/3q3+vv7259bc46n2+SZDQAAANDnUO9WzYdFW/+Q2j+lpi+pXkREGRF9a/cqpp3MKuXUV75fPxvDv4gm4dzHLB3vI+J7Oh4/D/0rAAAAwP3ab7bLdrXeFouxB8Rrajdtyo8/MuUVEVEvHjKllefia6aw5v6exK9Mac0G1jxTWLvlNum/Ns3VSVfVOaWZzNfNn9jUymH6BQAAxtRdCVxZhQAAAHAHfo49AAZW9TcXl+LynHHWntIDwXedGgAAAPAGFWMPAAAAABhcs/73/j8AAAC4b+37/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjSod6t9pvt8tr19Qtzjqfb5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8MT+vKNACIRBGOxd35nM/Q8rDRoam1SB8PE3BgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/vzkgIhEARRMGf876Tvf1hJ0DOIEAENjypq0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzv379tGFQcA/Ouzz/0BiBBQhgAqEgMsNHFLS0cYQBEDfwJSlDol4FJoM9AqAmWBCWXugmBECAkUtv4PnRupS9k6ZAgSM+jOd8m1MdSKwp1JPh/p+X3POd37vrNl5Zv3HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNL2O/FSUsTt7GFqGJfP3dtZW8r6rcf6zJ2N+7NZy+LWkwb65u3DT36yvVw9ODNTOfiq/mQAAAA4HtplfR8RD9LNhaxPpvL6Py3PyWr+758ZxmU9/3jdv7WzdrL40WxZ///268MXdgeaGo6TXXR5ZdCf359K5z+a4sR79olndPI7n//tpZ2/IMn7689vp/n9bH179+673Tw8UUe2AMBBnC37Iih/H8r6XpOJAXAUjVyK71QK77L+b0/VmhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAI7bX46kybkXEbGcvzmztrC2N6u9s3J8t28Xbtzeq18wukUbE8sqgn9Y4l0l34+atTxYHg/71+oMzEdHc6EXw4RjnRPz7OcXbM5qbxT8HrclIo9EgKV6fScnnMIPyvXf4V973UdGt7UMJAIAjKS1aVtc/SDcXsuda0xF//fBo/f9aJY4x6/+HH128Vx2rWv/3apvh5JtbvfrZ3I2bt95Yubp4pX+l/+mb53pv9c5funDh0lx2r+bnliPpzzedJgAAAP9j3aJV6/9kev/6/+lKHGPW/59/1/uyOlZb/T/S3qJf05kAAAAcR3tbLZ975c8/WiPOaHW78cXi6ur13vBx9/jc8LHWdA/oRNGq9X97uumsAAAAgDpsr7ceWf+/XIljzPX/p3988efqNdsRcSriWkT0zy5dG1yubzoTrY4vKucD+fYwAADAsXWqaNX1/zTf/5/sbnlIIuL1V4dx+b+uxqn/2+99/VN1rOr+//P1TXEiJTPD+5H3MxGdmaYzAgAA4Cg7WbSs2P893Vz4+JfTH3Tt/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACo298BAAD//0DfMzE=")
syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x24002)
r0 = io_uring_setup(0x4f1, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x1b, 0x20000038, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x42)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)

22.99382346s ago: executing program 3 (id=2082):
unshare(0x22020600)
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f0000003540)=[{{&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000080)="93", 0x1}, {&(0x7f0000002400)="9917b1ad3d06a27855d01141e914353e8c663ed1065e32301b8acd1815ed897020c9092fe19ef95bd3c69397d675e3c19835f4c930a9bcbd49c4d872b7679a32e22015d7df39001b2d750fe2484101ef67cb628910e4cde2d8285b9017f55e84b67b72840813a8d080b71200f197d5b65f243ac4ac17d0cba3d08c98ceedf43365fc78aa0f52585ef7d8d525c049e1ae193a110f2dcfce4e6114b15de04b2720d6bd946506004cf479e742dcf73534e370150d97a55b559b5a1bedbc9290cbcac428f960e016fb88cfc21d86da2974ec3f2632992a27a4e5864623e05722eb07d27139b45171ec0cefa44e98f05dd4ff957056265edbacd81a611e4dfacb2b4879517e00c52e84728b1de1193bc88e509860ff143fc216c5100c41667a3ba5b157db616145a6d5ddb592e6b9589cdc93e3e8ef63da3cb4033d9f676cec3dcbb003ae54940e30203e1dc7b939c9c32029ad645b46ee269892e7a786bd36c2f7d962aad3b8d6e9d946adfa984a52cf7d35c5b2f492ab267c1ca948a5c0323d628364a612004c1c7feb2671a984f4dc05330a968e4b8cbe9200f111597c8ecc7ea7681ec281e168edbadc83d98de2b0dda7b187f509e487d63300932f3c76a1b66b4e01dffb07b4c80b5f5273a84b3cb0732b691738bba87517d53cf2b88b481cb325b8b912f54cee9d2546f2fdb96931bda2821eb66554abd4a21a8281c3c461df633a97f5cb3cf924fb324782399df0dc72d18d22b320e605dddf1123417dffc6452835a63fca230fbb002fd9c204b0819c56c4ce398423518b59dc8220bbf0c8b66f54c8009f1170f4c5582bfc703938bdf4d88ffe3eb87f4d2a62d442bb08ba405e11984c919fed63f9e86fd16c00843fa07cd9170919f4d07a12ad38db3f9effcfe1d631a48150e33ce07b3516fefab9587043a908dac8b0ffe361ec8e0fe7531f6d6d858cdabf7600f3a2bd90bce672cba7d366ae4ac6e33813f18340349422230cfe1d8c5757eb139321d44b57159089c68c13d7806cdbebeb42953f6f1670a313278a13076defab61b2016cf636ed37c7e7e1c49a4fb1d6a3d249e189087b37e724b6b24824bce4f77ab6f8a8d2f571d23c5120d75440e8eeda120467b5046b316e39aea9b6c7fa65eb4db56a3fed78c25fcde3afa956dee186fcad0b83f3d50a153f269113f5d9f1ccdff5ba86390c95b3a4ac782cd1121253f728b9b28a3cf59ebd82b0439d2f439e9cd00ca11a3f73515b6256b0faa56063ab761d5860a002c27fede7ce87b6336a4a146f2286ee32bb12e5a8bef04ba8cdb901c602a80eec7e74c947f88f6939ad240db8bc4baf655b941d1fc166fcbd2a64b5691e9145847ebc3ff5f8c07b8265c00176fa4617b6b7249aa801a090d4c65e36cfbbbca28913a892c3a7dd856fdf1f9a7279acfeee9fe51d14f87e4928f07f80145f54afb9a94fce7e76d38b64858327883b8f7141ccac8de649b7eb216d1b6c63f6d4d56dd9f11a2b36a6b3913917c378931e1ba3ec16aec67ef2bab2f1336a6990f7a78ab8acbc81d4ef49dc9bf02e6bae05118c706aeafa332e785ab59140d41ec0d00261ef9dd1735e19954cf1e8042b84185fa8bea4878e22ae53841b9c9752c950e5b21c7e7212b0297f22675cf8baae246e3c46a33e7228633954253add2592dbb7335b24569c834977a53ef23a84f7819deabd2c499422f23e7b682dc7f81b5d47b2ed330b83bb4f6c8f976539a8bf0d1f9b88d534c672d329ba41009f75c928ede7", 0x4e4}], 0x2}}, {{&(0x7f0000000740)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000001a40)=[{&(0x7f0000000780)="e4", 0x1}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x7, 0x0, 0x0)
ppoll(&(0x7f00000008c0)=[{r0}], 0x1, 0x0, 0x0, 0x0)

21.005839853s ago: executing program 3 (id=2088):
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000002d80)={0x0, 0x0, &(0x7f0000002d40)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00'], 0x30}}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0)

19.950972893s ago: executing program 3 (id=2090):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x2, 0x508, &(0x7f0000000a00)="$eJzs3U9sI1cZAPBvJn/sbNMmhR4AFbqUwoJWayfeNqp6oT1VCFVC9MhhGxInimLHUeyUJuwhe+SORCVOcOLMjQNSD4g7Ege4cSkHpAIrUIPEwchje+v8cWJ2Y7uNfz9pNG/m2fO9t6OZN/tZmRfAxLoZEUcRMRsR70TEQmd/0lni9fbS+tzHD++vHT+8v5ZEs/n2P5KsvrUver7T8lTnmPmI+P6bET9MTgX9Y0T94HB7tVIp73V2FRvV3WL94PDOVnV1s7xZ3imVVpZXll69+0rpyvr6QvXXH81FxG9/8+UP/3D0rR+3mjXfqevtx1Vqd33mUZyW6Yj47jCCjcFUpz+zj/Plx/oSVymNiM9FxIvZ9b8QU9nZPOnkafr2CFsHAAxDs7kQzYXebQDgukuzHFiSFjq5gPlI00KhncN7Lm6klVq9cXujtr+z3s6VLcZMurFVKS91coWLMZNsbE2Xl7Nyd7tSLp3avhsRz0bET3Nz2XZhrVZZH+eDDwBMsKdOjf//zrXHfwDgmst/UsyNsx0AwOjkx90AAGDkjP8AMHmM/wAweYz/ADB5jP8AMHmM/wAwUb731lutpXncef/1+rsH+9u1d++sl+vbher+WmGttrdb2KzVNrN39lQvO16lVttdfjn23ys2yvVGsX5weK9a299p3Mve632vPDOSXgEAF3n2hQ/+nETE0Wtz2RI97/u/dKx+ftitA4YpHXcDgLGZGncDgLE5O9sXMCnk44GeKXof9OzOnymc9v5Ah0/NGwqfPre++AT5f+AzTf4fJtfj5f89y8N18P/m//2fAK6PZjMx5z8ATBjP80BySX3v7/9LzZ6NwX7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGtpPluStNCZC3w+0rRQiHg6IhZjJtnYqpSXIuKZiPhTbibX2l42DygAfMalf0s683/dWnhp/nTtbO4/uWwdET/6+ds/e2+10dhbjphN/vlof+P9zv5SvxiLvxtyJwCAC3TH6e443vXxw/tr3WWU7fnojfbkoq24x52lXTMd09k6n+Uabvwr6Wy3tZ5Xpq4g/tGDiPjCef1PstzIYmfm09PxW7GfHmn89ET8NKtrr1v/Fp+/grbApPngjYjZ18+7/tK4ma3Pv/7z2R3qyXXvf8dn7n/po/vfVJ/7381BY7z8+++c2dlcaNc9iPjSdMRx9+A9959u/KRP/JcGjP+X57/yYr+65i8ibsV5/U9OxCo2qrvF+sHhna3q6mZ5s7xTKq0sryy9eveVUjHLURe7meqz/v7a7Wf6xW/1/0af+PlL+v/1Afv/y/++84OvXhD/m187//w/d0H81pj4jQHjr+b717Xir/fp/2Xn//aA8T/86+H6gB8FAEagfnC4vVqplPeGXUiHHyIrJBFHI+hOu5D71U/eHFWsJyzMRf/PXFClMKmFcd+ZgGH75KIfd0sAAAAAAAAAAAAAAIB+RvHnROPuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANfX/wIAAP//DxPT1w==")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000000000f9000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfed7)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000006c0)={r2, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000680)='sched_switch\x00', r3}, 0x18)
userfaultfd(0x80001)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

17.916369718s ago: executing program 3 (id=2095):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
unshare(0x68060200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = socket(0x1, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_ADDRESS={0x14, 0x1, @mcast2}]}, 0x40}}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r4}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}}, 0x0)

12.11119272s ago: executing program 0 (id=2050):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000001540)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r0, 0x0)
munmap(&(0x7f00008bb000/0x2000)=nil, 0x2000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3)
munmap(&(0x7f000061d000/0x3000)=nil, 0x3000)
munmap(&(0x7f00006fc000/0x2000)=nil, 0x2000)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps\x00')
unshare(0x2a020400)
preadv(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x1)

11.265732519s ago: executing program 0 (id=2107):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1, 0x11, r5, 0x0)

10.471579008s ago: executing program 0 (id=2110):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_RAW={0x8}, @TCA_CAKE_NAT={0x8, 0xb, 0x1}]}}]}, 0x44}}, 0x0)
r0 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={0x0}, 0x18)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

9.425348394s ago: executing program 0 (id=2113):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')
unshare(0x62040200)

9.156756042s ago: executing program 2 (id=2115):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x34, r2, 0x101, 0x0, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x96c}]]}, 0x34}}, 0x8110)

5.045566166s ago: executing program 4 (id=2122):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
memfd_create(0x0, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r4)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r4)
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000eeff1300", @ANYBLOB], 0x30}}, 0x0)

4.702035399s ago: executing program 1 (id=2123):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_RAW={0x8}, @TCA_CAKE_NAT={0x8, 0xb, 0x1}]}}]}, 0x44}}, 0x0)
r0 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
ptrace$setregs(0xd, r0, 0x0, 0x0)
ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

3.816184283s ago: executing program 4 (id=2124):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x2)
writev(r0, &(0x7f00000008c0)=[{&(0x7f00000005c0)="647c8c", 0x3}], 0x1)

3.753736011s ago: executing program 1 (id=2125):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200"/48, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000040000000000000000000000000000000000000000000000000000100"/103], 0xfc}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
writev(r1, &(0x7f0000000300)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560211820fffff5bab4e210200000058006f543bc2945f640094f96a0325010ebc000000000014008000f0fffeffe809004000fff5dd000000100002000400080004000000224e0000", 0x58}], 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000206010100000000000000000a0000080900020073797a31000000000900020073797a3100000000a8a063744add97381434ff727c3fdbc6b9393a1a167226d792d6d69e52c2bc307272dd634f141f5598542f19faae748d1c721cb13a4f1cd4252025720c0e3e69f1cfd3ccba54639711f915260e5c73d0"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000200)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000280)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000001340)={{@local}, @my=0x0, 0x0, 0x8})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r4, 0x7a9, &(0x7f0000000180)={{@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000007, 0x20000005})
close_range(r3, 0xffffffffffffffff, 0x0)

3.655958051s ago: executing program 1 (id=2126):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x4}, @IFLA_IFALIASn={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000884}, 0x0)

3.595509368s ago: executing program 4 (id=2127):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@loopback, 0x0, 0x2b}, 0x0, @in=@broadcast}}, 0xe8)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r2, 0x10d, 0xb4, &(0x7f0000000040), 0x0)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close(r0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0xb8}}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180), 0xb)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x10012, 0xffffffffffffffff, 0x0)
mmap$qrtrtun(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000000, 0x10010, 0xffffffffffffffff, 0x74a)
time(&(0x7f0000000100))

3.476631917s ago: executing program 4 (id=2128):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x3, 0x1004, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9000070d00be0083"], 0x0}, 0x0)

3.250168996s ago: executing program 1 (id=2129):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000002c0)={[{@init_itable}, {@resuid}, {@stripe}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000980)={'wg2\x00'})
dup(r4)
splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x101, 0x6)
sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, 0x0, 0x24008045)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r7 = syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x45408, &(0x7f0000000300)=ANY=[@ANYRESHEX, @ANYBLOB=',rogtmode=00000000000000000020000,useS_i', @ANYRESDEC=0x0, @ANYBLOB, @ANYBLOB=',defaul'], 0x0, 0x0, &(0x7f0000000240)="9982ecbea813e3662dc2e708707b68b5f838bf2293b6561d861bb10ab480787ee7dc95f157b4e4a82c8b3a68a58856279be5257f4737b471b9288249913ad35f334e219341a952a3d8cff54f2657e53da5df7794b3a4")
mkdirat(r7, &(0x7f00000003c0)='./file0\x00', 0x4)
r8 = fcntl$dupfd(r6, 0x0, r6)
ioctl$USBDEVFS_SUBMITURB(r8, 0xc0105500, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, &(0x7f0000000180)=0xfffffff9)

3.223534232s ago: executing program 2 (id=2130):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x12, 0x2, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000040)={r1, 0x0, 0x20000004}, 0x20)

2.969802006s ago: executing program 2 (id=2131):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000200)={0x60, 0x0, &(0x7f000005d000/0x3000)=nil, &(0x7f0000994000/0x2000)=nil, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x6})

1.805091965s ago: executing program 2 (id=2132):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400a685b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0)
sendmsg(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4c", 0x4}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081139000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071106500000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4138ae84, &(0x7f0000000c40))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x40, &(0x7f00000007c0)={[{@test_dummy_encryption}, {@data_err_ignore}, {}, {@norecovery}, {@dioread_nolock}, {@lazytime}, {@nodelalloc}, {@usrquota}, {@resgid}]}, 0xfc, 0x555, &(0x7f0000000240)="$eJzs3d9rW1UcAPDvTdP91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRdBlNOtY6cHvZiy8yBBEH4h/gu4/7D/wrBjoYMoo+iBC56c2WtUmbdZnJzOcDNzvn3hvOPbn3e/a9OUkTwMiazB4KEa9GxDdJxOG2bcXIN05u7Lf+8PpctiTRaHz2RxJJvq61f5L/ezCvvBIR/0TEyUJ7izeaj7XVtcVypZIu52un6ktXpmqra6cuLZUX0oX08szs7Jl3Zmfef+/dvvX1zfN/ff/p3Y/OfH18/buf7x+5ncTZOJRva+/HM7jRXpmMyfw1GY+zm3ac7kNjwyQZ9AGwK2N5nI9HNgYcjrE86oH/v68iogGMqET8w4hq5QGte/s+3Qe/MB58uHEDtKn/STGKG++NxL7mvdGB9eSJO6PsfneiD+1nbfzy+53b2RL9ex8CYEc3bkbE6WJx6/if5OPf7p3uYZ/NbRj/4L9zN8t/3uqU/xUe5T/RIf852CF2d2Pn+C/c70MzXWX53wcd899Hk1YTY3ntpWbON55cvFRJs7Ht5Yg4EeN7s/p28zln1u81um1rz/+yJWu/lQvmx3G/uPfJ58yX6+Vn6XO7BzcjXtua/7aN//uaue7m85+9Hud7bONYeuf1btt27v/z1fgp4o2O5//xjFay/fzkVPN6mGpdFVv9eevYr93aH3T/s/N/YPv+TyTt87W1p2/jx31/p9227fb635N83izvydddK9fry9MRe5JPtq6fefzcVr21f9b/E8e3H/86Xf/7I+KLHvt/6+itrrsOw/mff6rz//SFex9/+UO39ns7/283SyfyNb2Mf70e4LO8dgAAAAAAADBsChFxKJJC6VG5UCiVNj7fcTQOFCrVWv3kxerK5flofld2IsYLzZnufHqw9XmI6fzzsHm9GE/W09mIOBIR347tb9ZLc9XK/ID7DgAAAAAAAAAAAAAAAAAAAMPiYJfv/2d+Gxv00QHPnZ/8htG1Y/z345eegKHk/38YXeIfRpf4h9El/mF0iX8YXeIfRpf4h9El/gEAAAAAAAAAAAAAAAAAAAAAAAAAAKCvzp87ly2N9YfX57L6/NXVlcXq1VPzaW2xtLQyV5qrLl8pLVSrPf6N4Eq1emV6JlauTdXTWn2qtrp2Yam6crl+4dJSeSG9kI4/5/4AAAAAAAAAAAAAAAAAAADAi6i2urZYrlTS5UEWisNxGAq7KRSH4zAU+lwY9MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/9GwAA///0SDTc")
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000280)={0x2})

1.604247874s ago: executing program 1 (id=2133):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r3, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)

1.313678117s ago: executing program 0 (id=2134):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b70400000000000085000000430000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r4, &(0x7f0000002680)={0x2, 0x0, @local}, 0x10)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000040)="08001efbb07d586e", 0x4788}], 0x1}, 0x0)

1.113687642s ago: executing program 2 (id=2135):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200"/48, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000040000000000000000000000000000000000000000000000000000100"/103], 0xfc}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
writev(r1, &(0x7f0000000300)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560211820fffff5bab4e210200000058006f543bc2945f640094f96a0325010ebc000000000014008000f0fffeffe809004000fff5dd000000100002000400080004000000224e0000", 0x58}], 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000206010100000000000000000a0000080900020073797a31000000000900020073797a3100000000a8a063744add97381434ff727c3fdbc6b9393a1a167226d792d6d69e52c2bc307272dd634f141f5598542f19faae748d1c721cb13a4f1cd4252025720c0e3e69f1cfd3ccba54639711f915260e5c73d0"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000200)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000280)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000001340)={{@local}, @my=0x0, 0x0, 0x8})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r4, 0x7a9, &(0x7f0000000180)={{@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000007, 0x20000005})
close_range(r3, 0xffffffffffffffff, 0x0)

189.890295ms ago: executing program 2 (id=2136):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000400)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r1, &(0x7f0000000180)=ANY=[], 0x66)

163.728019ms ago: executing program 4 (id=2137):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@loopback, 0x0, 0x2b}, 0x0, @in=@broadcast}}, 0xe8)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r2, 0x10d, 0xb4, &(0x7f0000000040), 0x0)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close(r0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0xb8}}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180), 0xb)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x10012, 0xffffffffffffffff, 0x0)
mmap$qrtrtun(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000000, 0x10010, 0xffffffffffffffff, 0x74a)
time(&(0x7f0000000100))

162.281689ms ago: executing program 0 (id=2138):
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000180))
r5 = socket(0x10, 0x803, 0x0)
socket(0x200000100000011, 0x3, 0x0)
sendmsg$nl_route(r5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000140), 0x14)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r6, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCSETA(r6, 0x5406, &(0x7f00000005c0)={0x7ff, 0x0, 0xfbfe, 0x1, 0x13, "5f730000a9003f00"})

119.878691ms ago: executing program 1 (id=2139):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x8, 0x16, 0x0, 0x1, [{0x4}]}, @IFLA_IFALIASn={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000884}, 0x0)

0s ago: executing program 4 (id=2140):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x34, r2, 0x101, 0x0, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x96c}]]}, 0x34}}, 0x8110)

kernel console output (not intermixed with test programs):

4) did not claim interface 0 before use
[  708.665458][ T9526] netlink: 52 bytes leftover after parsing attributes in process `syz.2.927'.
[  708.917001][ T9537] netlink: 12 bytes leftover after parsing attributes in process `syz.4.932'.
[  709.805265][  T117] usb 1-1: USB disconnect, device number 8
[  709.815921][ T9545] fuse: Bad value for 'fd'
[  710.142124][ T9556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.937'.
[  710.296654][ T9562] netlink: 8 bytes leftover after parsing attributes in process `syz.4.943'.
[  710.322506][ T9562] netlink: 'syz.4.943': attribute type 9 has an invalid length.
[  711.836087][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  713.101354][    T8] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  713.644384][    T8] usb 1-1: unable to get BOS descriptor or descriptor too short
[  713.682812][    T8] usb 1-1: config 1 has an invalid descriptor of length 133, skipping remainder of the config
[  713.719921][    T8] usb 1-1: config 1 interface 0 altsetting 147 has 0 endpoint descriptors, different from the interface descriptor's value: 20
[  713.780640][    T8] usb 1-1: config 1 interface 0 has no altsetting 0
[  713.813285][    T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  713.839817][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.869336][    T8] usb 1-1: Product: syz
[  713.881807][    T8] usb 1-1: Manufacturer: syz
[  713.887352][    T8] usb 1-1: SerialNumber: syz
[  713.897524][ T9615] usb usb8: usbfs: process 9615 (syz.2.961) did not claim interface 0 before use
[  716.327068][    T8] usb 1-1: USB disconnect, device number 9
[  717.760841][ T9648] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  718.307497][ T9664] xt_CT: You must specify a L4 protocol and not use inversions on it
[  719.961624][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  721.820101][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  721.834806][   T29] audit: type=1326 audit(1727918919.661:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9716 comm="syz.2.1000" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0059f7dff9 code=0x0
[  721.964132][ T9744] xt_CT: You must specify a L4 protocol and not use inversions on it
[  722.400926][ T9758] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1015'.
[  722.680523][ T5318] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  722.911554][ T5318] usb 5-1: Using ep0 maxpacket: 32
[  722.995397][ T5318] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  723.004282][ T9774] Bluetooth: MGMT ver 1.23
[  723.025255][ T9770] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  723.054868][ T9774] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1019'.
[  723.078670][ T5318] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  723.107358][ T5318] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  723.125523][ T5318] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  723.156328][ T5318] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  723.167793][ T5318] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  723.188358][ T5318] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  723.189157][ T9770] netlink: 'syz.3.1019': attribute type 4 has an invalid length.
[  723.203989][ T5318] usb 5-1: New USB device found, idVendor=10cf, idProduct=8067, bcdDevice=2c.27
[  723.219461][ T5318] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.227556][ T5318] usb 5-1: Product: syz
[  723.232069][ T5318] usb 5-1: Manufacturer: syz
[  723.236697][ T5318] usb 5-1: SerialNumber: syz
[  723.245229][ T5318] usb 5-1: config 0 descriptor??
[  723.250873][ T9760] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  723.263946][ T5318] vmk80xx 5-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  723.275700][ T5318] vmk80xx 5-1:0.0: probe with driver vmk80xx failed with error -22
[  723.530270][ T7951] usb 5-1: USB disconnect, device number 11
[  723.627462][   T29] audit: type=1326 audit(1727918921.451:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9791 comm="syz.0.1027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32cf37dff9 code=0x7ffc0000
[  723.633740][ T9790] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1026'.
[  723.668810][   T29] audit: type=1326 audit(1727918921.491:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9791 comm="syz.0.1027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32cf37dff9 code=0x7ffc0000
[  723.738824][   T29] audit: type=1326 audit(1727918921.491:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9791 comm="syz.0.1027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f32cf37c990 code=0x7ffc0000
[  723.797867][   T29] audit: type=1326 audit(1727918921.491:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9791 comm="syz.0.1027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f32cf37c990 code=0x7ffc0000
[  723.833212][   T29] audit: type=1326 audit(1727918921.491:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9791 comm="syz.0.1027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32cf37dff9 code=0x7ffc0000
[  723.859144][   T29] audit: type=1326 audit(1727918921.491:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9791 comm="syz.0.1027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32cf37dff9 code=0x7ffc0000
[  723.886778][   T29] audit: type=1326 audit(1727918921.491:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9791 comm="syz.0.1027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f32cf37dff9 code=0x7ffc0000
[  723.959334][ T9801] xt_CT: You must specify a L4 protocol and not use inversions on it
[  723.980126][   T29] audit: type=1326 audit(1727918921.491:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9791 comm="syz.0.1027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32cf37dff9 code=0x7ffc0000
[  724.113265][   T29] audit: type=1326 audit(1727918921.491:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9791 comm="syz.0.1027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32cf37dff9 code=0x7ffc0000
[  724.856432][ T9828] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1037'.
[  724.992297][ T7973] Bluetooth: hci0: command 0x0c20 tx timeout
[  725.006351][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  725.011166][ T5240] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  725.107726][ T9831] netlink: 'syz.4.1037': attribute type 4 has an invalid length.
[  725.552527][ T9827] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  725.578046][ T9862] xt_CT: You must specify a L4 protocol and not use inversions on it
[  725.862498][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  727.070707][ T5240] Bluetooth: hci0: command 0x0c20 tx timeout
[  728.294418][ T9932] hsr0: entered allmulticast mode
[  728.330638][ T9932] hsr_slave_0: entered allmulticast mode
[  728.340454][ T9932] hsr_slave_1: entered allmulticast mode
[  728.449323][ T9932] hsr_slave_0: left promiscuous mode
[  728.477288][ T9932] hsr_slave_1: left promiscuous mode
[  728.560077][ T9932] hsr0 (unregistering): left allmulticast mode
[  728.969164][ T9962] fuse: Bad value for 'fd'
[  729.150775][ T5240] Bluetooth: hci0: command 0x0c20 tx timeout
[  730.130713][ T5281] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  730.319698][ T5281] usb 4-1: Using ep0 maxpacket: 32
[  730.378449][ T5281] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  730.423903][ T5281] usb 4-1: language id specifier not provided by device, defaulting to English
[  730.445218][ T5281] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  730.474825][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  730.490621][ T5281] usb 4-1: Product: syz
[  730.491246][T10017] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  730.500612][ T5281] usb 4-1: Manufacturer: syz
[  730.516569][ T5281] usb 4-1: SerialNumber: syz
[  730.657163][T10023] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1110'.
[  730.778923][T10000] loop0: detected capacity change from 0 to 6
[  730.805756][T10000] Dev loop0: unable to read RDB block 6
[  730.815906][T10000]  loop0: unable to read partition table
[  730.824169][T10000] loop0: partition table beyond EOD, truncated
[  730.834687][T10000] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  730.834687][T10000] 
) failed (rc=-5)
[  730.853458][T10029] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1111'.
[  730.868333][ T5281] cdc_ncm 4-1:1.0: bind() failure
[  730.877445][ T5281] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  730.886667][ T5281] cdc_ncm 4-1:1.1: bind() failure
[  730.908700][ T5281] usb 4-1: USB disconnect, device number 12
[  731.548974][T10046] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  731.610048][T10046] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1117'.
[  731.680889][T10049] netlink: 'syz.3.1117': attribute type 4 has an invalid length.
[  731.757461][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  731.757480][   T29] audit: type=1326 audit(1727918929.581:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10041 comm="syz.0.1116" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f32cf37dff9 code=0x0
[  732.078043][T10064] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1122'.
[  732.644665][T10087] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1130'.
[  732.910859][T10095] vivid-002: =================  START STATUS  =================
[  732.937773][T10095] vivid-002: Radio HW Seek Mode: Bounded
[  732.961890][T10095] vivid-002: Radio Programmable HW Seek: false
[  732.982244][T10095] vivid-002: RDS Rx I/O Mode: Block I/O
[  732.995582][T10095] vivid-002: Generate RBDS Instead of RDS: false
[  733.024164][T10095] vivid-002: RDS Reception: true
[  733.041287][T10095] vivid-002: RDS Program Type: 0 inactive
[  733.048447][T10095] vivid-002: RDS PS Name:  inactive
[  733.056641][T10095] vivid-002: RDS Radio Text:  inactive
[  733.066538][T10095] vivid-002: RDS Traffic Announcement: false inactive
[  733.074849][T10095] vivid-002: RDS Traffic Program: false inactive
[  733.083633][T10095] vivid-002: RDS Music: false inactive
[  733.089507][T10095] vivid-002: ==================  END STATUS  ==================
[  733.536238][T10103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1133'.
[  733.550620][ T5231] Bluetooth: hci0: command 0x0c20 tx timeout
[  733.556691][ T5240] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  733.592714][T10101] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  733.611232][T10103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1133'.
[  733.651889][T10104] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1132'.
[  733.707514][T10101] netlink: 'syz.0.1132': attribute type 4 has an invalid length.
[  733.760925][T10111] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1135'.
[  734.678246][   T29] audit: type=1326 audit(1727918932.501:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10114 comm="syz.2.1137" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0059f7dff9 code=0x0
[  735.364226][T10150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1146'.
[  735.630518][ T5231] Bluetooth: hci0: command 0x0c20 tx timeout
[  735.637581][ T5240] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  735.682819][T10161] usb usb8: usbfs: process 10161 (syz.0.1151) did not claim interface 0 before use
[  736.004953][T10171] binder_alloc: 10170: binder_alloc_buf, no vma
[  736.138784][T10174] __nla_validate_parse: 1 callbacks suppressed
[  736.138805][T10174] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1158'.
[  736.154511][    T8] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  736.312388][    T8] usb 4-1: config 0 has an invalid interface number: 94 but max is 0
[  736.331978][    T8] usb 4-1: config 0 has no interface number 0
[  736.355035][    T8] usb 4-1: config 0 interface 94 altsetting 5 endpoint 0x2 has invalid wMaxPacketSize 0
[  736.364132][T10179] loop0: detected capacity change from 0 to 1024
[  736.370556][    T8] usb 4-1: config 0 interface 94 altsetting 5 bulk endpoint 0x2 has invalid maxpacket 0
[  736.400447][    T8] usb 4-1: config 0 interface 94 altsetting 5 has an endpoint descriptor with address 0x69, changing to 0x9
[  736.435855][T10179] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  736.465184][    T8] usb 4-1: config 0 interface 94 altsetting 5 endpoint 0x9 has invalid wMaxPacketSize 0
[  736.485981][    T8] usb 4-1: config 0 interface 94 altsetting 5 bulk endpoint 0x9 has invalid maxpacket 0
[  736.496751][    T8] usb 4-1: config 0 interface 94 has no altsetting 0
[  736.525158][    T8] usb 4-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2f.16
[  736.560492][    T8] usb 4-1: New USB device strings: Mfr=1, Product=50, SerialNumber=157
[  736.568775][    T8] usb 4-1: Product: syz
[  736.580570][    T8] usb 4-1: Manufacturer: syz
[  736.585301][    T8] usb 4-1: SerialNumber: syz
[  736.808425][    T8] usb 4-1: config 0 descriptor??
[  736.816886][    T8] kvaser_usb 4-1:0.94: error -ENODEV: Cannot get usb endpoint(s)
[  737.424979][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  737.450905][T10191] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1162'.
[  737.538497][ T9265] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  737.561128][T10191] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1162'.
[  737.720609][ T5240] Bluetooth: hci0: command 0x0c20 tx timeout
[  737.818815][    T9] usb 4-1: USB disconnect, device number 13
[  737.838975][T10202] fuse: Bad value for 'rootmode'
[  738.193614][T10210] usb usb8: usbfs: process 10210 (syz.2.1169) did not claim interface 0 before use
[  738.748364][T10220] netlink: 'syz.1.1172': attribute type 6 has an invalid length.
[  738.782090][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  738.962972][T10229] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1177'.
[  739.067183][T10231] fuse: Bad value for 'rootmode'
[  739.379398][T10247] usb usb8: usbfs: process 10247 (syz.2.1185) did not claim interface 0 before use
[  739.531739][ T5279] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  739.690634][ T5279] usb 4-1: Using ep0 maxpacket: 16
[  739.701233][ T5279] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  739.730586][ T5279] usb 4-1: config 1 interface 0 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  739.758169][ T5279] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x3 has invalid wMaxPacketSize 0
[  739.778702][ T5279] usb 4-1: config 1 interface 0 altsetting 255 bulk endpoint 0x3 has invalid maxpacket 0
[  739.788979][ T5279] usb 4-1: config 1 interface 0 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 22
[  739.789690][T10257] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1188'.
[  739.809410][ T5240] Bluetooth: hci0: command 0x0c20 tx timeout
[  739.817998][ T5279] usb 4-1: config 1 interface 0 has no altsetting 0
[  739.838848][ T5279] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  739.848249][ T5279] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  739.856379][ T5279] usb 4-1: SerialNumber: syz
[  739.885554][T10259] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1188'.
[  740.094332][ T5279] usb 4-1: USB disconnect, device number 14
[  740.115728][T10263] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1190'.
[  740.251095][T10265] fuse: Unknown parameter 'use00000000000000000000'
[  740.737454][T10283] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  741.513351][T10289] usb usb8: usbfs: process 10289 (syz.3.1199) did not claim interface 0 before use
[  741.572934][T10293] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1201'.
[  741.624443][T10293] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1201'.
[  741.800697][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  741.970613][    T9] usb 3-1: Using ep0 maxpacket: 8
[  741.985255][    T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  742.012010][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  742.030512][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  742.813868][    T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  742.826985][    T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  742.836303][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  742.924530][T10305] fuse: Unknown parameter 'use00000000000000000000'
[  743.010632][T10306] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  743.051134][T10307] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1206'.
[  743.080199][    T9] usb 3-1: GET_CAPABILITIES returned 0
[  743.089079][    T9] usbtmc 3-1:16.0: can't read capabilities
[  743.119997][T10306] netlink: 'syz.0.1206': attribute type 4 has an invalid length.
[  743.245699][T10313] netlink: 16126 bytes leftover after parsing attributes in process `syz.4.1209'.
[  743.287397][T10313] netlink: 183228 bytes leftover after parsing attributes in process `syz.4.1209'.
[  743.322619][    T9] usb 3-1: USB disconnect, device number 10
[  743.895731][T10321] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  744.672161][T10329] usb usb8: usbfs: process 10329 (syz.3.1215) did not claim interface 0 before use
[  744.675482][T10325] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1214'.
[  744.766353][T10334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1214'.
[  744.990656][ T5231] Bluetooth: hci0: command 0x0c20 tx timeout
[  744.996932][ T5240] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  745.107796][T10340] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  745.140184][T10341] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1220'.
[  745.201309][T10340] netlink: 'syz.4.1220': attribute type 4 has an invalid length.
[  745.333240][T10350] fuse: Unknown parameter 'use00000000000000000000'
[  745.745395][T10370] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1229'.
[  745.809419][T10372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1229'.
[  746.041061][T10376] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  746.738993][T10381] @: renamed from vlan0 (while UP)
[  746.918580][T10390] usb usb8: usbfs: process 10390 (syz.0.1232) did not claim interface 0 before use
[  747.072277][ T5231] Bluetooth: hci0: command 0x0c20 tx timeout
[  747.078772][ T5240] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  747.481826][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  747.497289][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  749.352527][ T5240] Bluetooth: hci0: command 0x0c20 tx timeout
[  749.951939][T10404] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  750.145296][T10407] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1240'.
[  750.265688][T10409] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1240'.
[  750.632913][T10421] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1244'.
[  750.759337][T10424] vivid-002: =================  START STATUS  =================
[  750.767981][T10424] vivid-002: Radio HW Seek Mode: Bounded
[  750.782194][T10424] vivid-002: Radio Programmable HW Seek: false
[  750.794854][T10424] vivid-002: RDS Rx I/O Mode: Block I/O
[  750.805068][T10424] vivid-002: Generate RBDS Instead of RDS: false
[  750.811780][T10424] vivid-002: RDS Reception: true
[  750.817207][T10424] vivid-002: RDS Program Type: 0 inactive
[  750.823655][T10424] vivid-002: RDS PS Name:  inactive
[  750.860249][T10424] vivid-002: RDS Radio Text:  inactive
[  750.865972][T10424] vivid-002: RDS Traffic Announcement: false inactive
[  750.873156][T10424] vivid-002: RDS Traffic Program: false inactive
[  750.883650][T10424] vivid-002: RDS Music: false inactive
[  750.892902][T10424] vivid-002: ==================  END STATUS  ==================
[  750.925787][T10428] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1246'.
[  751.391172][ T5240] Bluetooth: hci0: command 0x0c20 tx timeout
[  752.114179][T10455] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1254'.
[  752.196140][T10458] netlink: 'syz.2.1255': attribute type 6 has an invalid length.
[  752.247202][T10455] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1254'.
[  752.540099][T10467] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1259'.
[  753.030542][ T5318] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  753.200585][ T5318] usb 5-1: Using ep0 maxpacket: 16
[  753.352259][ T5318] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  753.365897][ T5318] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  753.382828][ T5318] usb 5-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  754.125028][ T5318] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.217676][ T5318] usb 5-1: config 0 descriptor??
[  754.413222][T10495] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1269'.
[  754.499772][T10499] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1269'.
[  754.655968][ T5318] waltop 0003:172F:0037.0006: item fetching failed at offset 4/6
[  754.671521][T10506] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1273'.
[  754.703894][ T5318] waltop 0003:172F:0037.0006: probe with driver waltop failed with error -22
[  755.040353][T10475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  755.393767][T10475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  756.976194][ T5318] usb 5-1: USB disconnect, device number 12
[  756.992116][T10536] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1281'.
[  757.182376][    T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  757.252487][T10545] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1286'.
[  757.371059][    T9] usb 4-1: Using ep0 maxpacket: 32
[  757.388318][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  757.434354][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  757.458485][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  757.473621][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  757.493721][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  757.517806][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  757.535750][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  757.552729][    T9] usb 4-1: New USB device found, idVendor=10cf, idProduct=8067, bcdDevice=2c.27
[  757.563324][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  757.571694][    T9] usb 4-1: Product: syz
[  757.576153][    T9] usb 4-1: Manufacturer: syz
[  757.581266][    T9] usb 4-1: SerialNumber: syz
[  757.591814][    T9] usb 4-1: config 0 descriptor??
[  757.600900][T10531] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  757.627079][    T9] vmk80xx 4-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  757.636898][    T9] vmk80xx 4-1:0.0: probe with driver vmk80xx failed with error -22
[  757.818616][T10562] netlink: 'syz.0.1293': attribute type 9 has an invalid length.
[  757.829361][ T5318] usb 4-1: USB disconnect, device number 15
[  757.991832][ T5309] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  758.160588][ T5309] usb 5-1: Using ep0 maxpacket: 16
[  758.174411][ T5309] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  758.213232][ T5309] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  758.224969][T10573] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1298'.
[  758.229443][ T5309] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x3 has invalid wMaxPacketSize 0
[  758.250348][T10573] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1298'.
[  758.251752][ T5309] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x3 has invalid maxpacket 0
[  758.273145][ T5309] usb 5-1: config 1 interface 0 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 22
[  758.286913][ T5309] usb 5-1: config 1 interface 0 has no altsetting 0
[  758.311874][ T5309] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  758.321489][ T5309] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  758.386335][ T5309] usb 5-1: SerialNumber: syz
[  758.669177][ T5309] usb 5-1: USB disconnect, device number 13
[  758.730721][T10586] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1303'.
[  758.742380][T10586] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1303'.
[  758.771320][T10588] netlink: 'syz.1.1305': attribute type 9 has an invalid length.
[  759.302848][T10603] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1311'.
[  759.312294][T10603] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1311'.
[  759.621028][ T5279] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  759.784744][ T5279] usb 4-1: Using ep0 maxpacket: 32
[  759.810191][ T5279] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  759.845992][ T5279] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  759.880827][ T5279] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  759.923428][ T5279] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  759.952890][ T5279] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  759.990488][ T5279] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  760.030669][ T5279] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  760.057642][ T5279] usb 4-1: New USB device found, idVendor=10cf, idProduct=8067, bcdDevice=2c.27
[  760.083459][ T5279] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  760.109235][ T5279] usb 4-1: Product: syz
[  760.121215][ T5279] usb 4-1: Manufacturer: syz
[  760.134361][ T5279] usb 4-1: SerialNumber: syz
[  760.153052][ T5279] usb 4-1: config 0 descriptor??
[  760.176708][T10605] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  760.196534][ T5279] vmk80xx 4-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  760.216196][ T5279] vmk80xx 4-1:0.0: probe with driver vmk80xx failed with error -22
[  760.410976][ T5281] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  760.444958][ T5309] usb 4-1: USB disconnect, device number 16
[  760.580482][ T5281] usb 3-1: Using ep0 maxpacket: 16
[  761.798577][ T5281] usb 3-1: unable to get BOS descriptor or descriptor too short
[  761.807261][ T5281] usb 3-1: unable to read config index 0 descriptor/start: -71
[  761.816014][ T5281] usb 3-1: can't read configurations, error -71
[  762.565359][T10678] @: renamed from vlan0 (while UP)
[  762.852214][ T5318] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  763.040564][ T5318] usb 5-1: Using ep0 maxpacket: 16
[  764.065944][T10699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1350'.
[  764.085126][T10699] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1350'.
[  764.202006][ T5318] usb 5-1: unable to get BOS descriptor or descriptor too short
[  764.255510][ T5318] usb 5-1: unable to read config index 0 descriptor/start: -71
[  764.271508][ T5318] usb 5-1: can't read configurations, error -71
[  764.365915][T10707] usb usb8: usbfs: process 10707 (syz.1.1353) did not claim interface 0 before use
[  765.046732][T10728] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'.
[  765.056136][T10728] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1362'.
[  765.273234][T10734] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  765.514545][T10739] netlink: 'syz.0.1366': attribute type 9 has an invalid length.
[  765.572113][ T5281] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  765.749972][T10749] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=536872256 (1073744512 ns) > initial count (152 ns). Using initial count to start timer.
[  765.767279][ T5281] usb 2-1: Using ep0 maxpacket: 16
[  765.897683][T10753] usb usb8: usbfs: process 10753 (syz.2.1372) did not claim interface 0 before use
[  765.979153][T10755] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'.
[  765.990336][T10755] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1373'.
[  766.300544][ T6045] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  766.450513][ T6045] usb 1-1: Using ep0 maxpacket: 8
[  766.480636][ T6045] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  766.503851][ T6045] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  766.553401][ T6045] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  766.584243][ T6045] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  766.623391][ T6045] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  766.646961][ T6045] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.795162][ T5281] usb 2-1: unable to get BOS descriptor or descriptor too short
[  766.821516][ T5281] usb 2-1: unable to read config index 0 descriptor/start: -71
[  766.851497][ T5281] usb 2-1: can't read configurations, error -71
[  766.882630][ T6045] usb 1-1: usb_control_msg returned -71
[  766.888378][ T6045] usbtmc 1-1:16.0: can't read capabilities
[  766.904820][ T6045] usb 1-1: USB disconnect, device number 10
[  767.089351][T10778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1382'.
[  767.098835][T10778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1382'.
[  767.195752][T10780] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.1381'.
[  767.210661][T10780] netlink: 183228 bytes leftover after parsing attributes in process `syz.1.1381'.
[  767.589252][T10789] usb usb8: usbfs: process 10789 (syz.4.1385) did not claim interface 0 before use
[  768.430589][ T5279] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  768.600610][ T5279] usb 3-1: Using ep0 maxpacket: 16
[  769.492057][T10834] __nla_validate_parse: 2 callbacks suppressed
[  769.492076][T10834] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1404'.
[  769.545223][T10834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1404'.
[  769.735351][ T5279] usb 3-1: unable to get BOS descriptor or descriptor too short
[  769.744588][ T5279] usb 3-1: unable to read config index 0 descriptor/start: -71
[  769.752333][ T5279] usb 3-1: can't read configurations, error -71
[  770.435718][T10853] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1409'.
[  770.818425][T10864] loop0: detected capacity change from 0 to 8192
[  770.841009][T10864] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  770.930891][ T5281] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  771.091162][ T5281] usb 2-1: Using ep0 maxpacket: 16
[  771.112690][ T5281] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  771.142560][ T5281] usb 2-1: config 0 has no interface number 0
[  771.163087][ T5281] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  771.177928][ T5281] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  771.203018][ T5281] usb 2-1: Product: syz
[  771.214183][ T5281] usb 2-1: Manufacturer: syz
[  771.224639][ T5281] usb 2-1: SerialNumber: syz
[  771.241567][ T5281] usb 2-1: config 0 descriptor??
[  771.264944][ T5281] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  771.834264][ T5281] gspca_spca1528: reg_w err -71
[  771.860974][ T5281] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71
[  771.922636][ T5281] usb 2-1: USB disconnect, device number 11
[  772.000765][ T5318] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  772.205086][ T5318] usb 3-1: Using ep0 maxpacket: 16
[  772.245647][T10887] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1420'.
[  772.289890][T10887] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1420'.
[  772.658644][T10897] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1424'.
[  773.126492][T10908] loop3: detected capacity change from 0 to 8192
[  773.154234][ T5318] usb 3-1: unable to get BOS descriptor or descriptor too short
[  773.181162][T10908] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  773.200602][ T5318] usb 3-1: unable to read config index 0 descriptor/start: -71
[  773.216550][ T5318] usb 3-1: can't read configurations, error -71
[  774.080526][ T5318] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  774.646635][T10936] loop4: detected capacity change from 0 to 128
[  774.667045][T10935] netlink: 'syz.3.1436': attribute type 29 has an invalid length.
[  774.683323][T10936] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  774.726596][T10936] ext4 filesystem being mounted at /114/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  774.762961][T10935] netlink: 'syz.3.1436': attribute type 29 has an invalid length.
[  774.780553][ T5318] usb 3-1: Using ep0 maxpacket: 32
[  775.115861][T10942] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1438'.
[  775.689816][T10946] fuse: Unknown parameter 'group_i00000000000000000000'
[  775.783805][ T9177] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  775.835437][ T5318] usb 3-1: New USB device found, idVendor=0bda, idProduct=8156, bcdDevice=4d.28
[  775.844753][ T5318] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  775.852941][ T5318] usb 3-1: Product: syz
[  775.870445][ T5318] usb 3-1: Manufacturer: syz
[  775.878632][ T5318] usb 3-1: SerialNumber: syz
[  775.918701][ T5318] r8152-cfgselector 3-1: Unknown version 0x0000
[  775.947102][ T5318] r8152-cfgselector 3-1: config 0 descriptor??
[  776.190760][ T5279] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  776.340448][ T5279] usb 4-1: Using ep0 maxpacket: 16
[  777.224486][ T5309] r8152-cfgselector 3-1: USB disconnect, device number 16
[  777.288453][ T5279] usb 4-1: unable to get BOS descriptor or descriptor too short
[  777.314797][ T5279] usb 4-1: unable to read config index 0 descriptor/start: -71
[  777.334555][ T5279] usb 4-1: can't read configurations, error -71
[  777.509618][T10970] loop0: detected capacity change from 0 to 8192
[  777.546883][T10979] loop2: detected capacity change from 0 to 128
[  777.596652][T10970] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  777.709794][T10982] fuse: Unknown parameter 'group_i00000000000000000000'
[  777.871641][T10979] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  778.298717][T10979] ext4 filesystem being mounted at /124/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  778.810676][T11002] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1452'.
[  779.600513][ T9153] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  779.859304][  T117] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  780.099509][T11025] fuse: Unknown parameter 'group_i00000000000000000000'
[  780.410457][  T117] usb 5-1: Using ep0 maxpacket: 16
[  780.524228][T11031] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=536872256 (1073744512 ns) > initial count (152 ns). Using initial count to start timer.
[  780.610580][ T5318] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  780.790616][ T5318] usb 3-1: Using ep0 maxpacket: 16
[  780.804826][ T5318] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  780.824960][ T5318] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  780.849491][T11034] loop0: detected capacity change from 0 to 8192
[  780.856265][ T5318] usb 3-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  780.869247][ T5318] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  780.880212][T11040] loop3: detected capacity change from 0 to 128
[  780.897526][ T5318] usb 3-1: config 0 descriptor??
[  780.903377][T11034] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  781.069082][T11040] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  781.097687][T11040] ext4 filesystem being mounted at /118/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  781.484854][ T5318] waltop 0003:172F:0037.0007: item fetching failed at offset 4/6
[  781.621695][T11045] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1472'.
[  782.229970][ T5318] waltop 0003:172F:0037.0007: probe with driver waltop failed with error -22
[  782.247843][  T117] usb 5-1: unable to get BOS descriptor or descriptor too short
[  782.270923][  T117] usb 5-1: unable to read config index 0 descriptor/start: -71
[  782.531377][  T117] usb 5-1: can't read configurations, error -71
[  782.572608][T11048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  782.573225][ T9157] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  782.662426][T11048] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  782.683241][ T5318] usb 3-1: USB disconnect, device number 17
[  782.823300][T11051] @: renamed from vlan0 (while UP)
[  783.051523][T11059] fuse: Unknown parameter 'group_id00000000000000000000'
[  783.320660][ T5281] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  783.471215][ T5281] usb 4-1: Using ep0 maxpacket: 32
[  783.478734][ T5281] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  783.489863][ T5281] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  783.505123][ T5281] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  783.517538][ T5281] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  783.527982][ T5281] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  783.537807][ T5281] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  783.547761][ T5281] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  783.564710][ T5281] usb 4-1: New USB device found, idVendor=10cf, idProduct=8067, bcdDevice=2c.27
[  783.574093][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.582236][ T5281] usb 4-1: Product: syz
[  783.586632][ T5281] usb 4-1: Manufacturer: syz
[  783.591399][ T5281] usb 4-1: SerialNumber: syz
[  783.600130][ T5281] usb 4-1: config 0 descriptor??
[  783.606397][T11060] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  783.623404][ T5281] vmk80xx 4-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  783.639449][ T5281] vmk80xx 4-1:0.0: probe with driver vmk80xx failed with error -22
[  783.787881][T11079] loop4: detected capacity change from 0 to 8192
[  783.802175][T11079] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  783.833851][ T5281] usb 4-1: USB disconnect, device number 19
[  784.883110][T11089] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1489'.
[  785.022994][T11099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1489'.
[  785.398086][  T117] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  785.560868][  T117] usb 3-1: Using ep0 maxpacket: 16
[  785.573211][  T117] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  785.597138][  T117] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  785.616575][  T117] usb 3-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  785.637755][  T117] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  785.658956][  T117] usb 3-1: config 0 descriptor??
[  785.951021][ T5318] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  786.097566][  T117] waltop 0003:172F:0037.0008: item fetching failed at offset 4/6
[  786.107607][  T117] waltop 0003:172F:0037.0008: probe with driver waltop failed with error -22
[  786.120740][ T5318] usb 4-1: Using ep0 maxpacket: 32
[  786.127589][ T5318] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  786.154592][ T5318] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  786.180874][ T5318] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  786.222731][ T5318] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  786.235841][ T5318] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  786.246209][ T5318] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  786.288698][ T5318] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  786.321364][T11103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  786.340432][ T5318] usb 4-1: New USB device found, idVendor=10cf, idProduct=8067, bcdDevice=2c.27
[  786.350264][ T5318] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  786.372052][ T5318] usb 4-1: Product: syz
[  786.372702][T11103] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  786.376272][ T5318] usb 4-1: Manufacturer: syz
[  786.422060][  T117] usb 3-1: USB disconnect, device number 18
[  786.424515][ T5318] usb 4-1: SerialNumber: syz
[  786.484024][ T5318] usb 4-1: config 0 descriptor??
[  786.504975][T11120] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  786.520140][ T5318] vmk80xx 4-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  786.537656][ T5318] vmk80xx 4-1:0.0: probe with driver vmk80xx failed with error -22
[  786.677202][T11142] kvm: emulating exchange as write
[  786.738907][ T5318] usb 4-1: USB disconnect, device number 20
[  787.246851][T11159] @: renamed from vlan0 (while UP)
[  787.429897][T11164] loop3: detected capacity change from 0 to 256
[  787.499782][T11164] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xff6f124c, utbl_chksum : 0xe619d30d)
[  787.728249][T11169] loop4: detected capacity change from 0 to 128
[  788.226896][T11169] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  788.343356][T11169] ext4 filesystem being mounted at /133/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  788.660580][ T5309] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  788.845005][T11186] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1519'.
[  789.425986][ T9177] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  789.461616][ T5309] usb 1-1: config 0 has an invalid interface number: 18 but max is 0
[  789.469765][ T5309] usb 1-1: config 0 has no interface number 0
[  789.476037][ T5309] usb 1-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  789.487069][ T5309] usb 1-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  789.497424][    T8] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  789.507358][ T5309] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10
[  789.516885][ T5309] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  789.525155][ T5309] usb 1-1: Manufacturer: syz
[  789.541156][ T5309] usb 1-1: config 0 descriptor??
[  789.624368][T11198] @: renamed from vlan0 (while UP)
[  789.720805][    T8] usb 3-1: Using ep0 maxpacket: 16
[  789.728803][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  789.743433][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  789.759088][    T8] usb 3-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  789.769300][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.780581][    T8] usb 3-1: config 0 descriptor??
[  789.810678][ T6045] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  789.960584][ T6045] usb 2-1: Using ep0 maxpacket: 32
[  789.988926][ T6045] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  789.994738][ T5309] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.18/0003:054C:03D5.0009/input/input5
[  790.014460][ T6045] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  790.038140][ T6045] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  790.058050][ T6045] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  790.091247][ T6045] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  790.103059][ T6045] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  790.113551][ T6045] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  790.127360][ T5309] sony 0003:054C:03D5.0009: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.0-1/input18
[  790.132992][ T6045] usb 2-1: New USB device found, idVendor=10cf, idProduct=8067, bcdDevice=2c.27
[  790.151412][ T6045] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  790.168922][ T6045] usb 2-1: Product: syz
[  790.176693][ T6045] usb 2-1: Manufacturer: syz
[  790.203996][ T6045] usb 2-1: SerialNumber: syz
[  790.217958][    T8] waltop 0003:172F:0037.000A: item fetching failed at offset 4/6
[  790.232917][    T8] waltop 0003:172F:0037.000A: probe with driver waltop failed with error -22
[  790.243537][ T6045] usb 2-1: config 0 descriptor??
[  790.271985][    T8] usb 1-1: USB disconnect, device number 11
[  790.283079][T11194] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  790.334689][ T6045] vmk80xx 2-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  790.370310][ T6045] vmk80xx 2-1:0.0: probe with driver vmk80xx failed with error -22
[  790.433827][ T5309] usb 3-1: USB disconnect, device number 19
[  790.519595][ T5235] Bluetooth: hci5: command 0x0406 tx timeout
[  790.525818][ T7973] Bluetooth: hci6: command 0x0406 tx timeout
[  790.535873][ T6045] usb 2-1: USB disconnect, device number 12
[  790.707300][T11217] loop4: detected capacity change from 0 to 256
[  790.753714][T11217] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xff6f124c, utbl_chksum : 0xe619d30d)
[  790.815886][T11220] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1535'.
[  791.902331][T11236] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma?
[  792.249117][T11252] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1546'.
[  792.271456][T11254] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1545'.
[  792.310500][T11254] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1545'.
[  792.322726][T11256] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  792.391386][T11254] bond0: entered promiscuous mode
[  792.406623][T11254] bond_slave_0: entered promiscuous mode
[  792.426111][T11254] bond_slave_1: entered promiscuous mode
[  792.457160][T11259] fuse: Bad value for 'fd'
[  792.528099][T11263] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1549'.
[  792.697250][T11269] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1553'.
[  792.822168][T11276] loop4: detected capacity change from 0 to 1024
[  792.887058][T11276] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  792.931526][T11284] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1558'.
[  792.950145][T11281] netlink: 200 bytes leftover after parsing attributes in process `syz.0.1557'.
[  793.080652][T11282] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  793.965755][ T9177] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  794.050493][    T8] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  794.118900][T11303] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1564'.
[  794.213375][    T8] usb 1-1: Using ep0 maxpacket: 32
[  794.237366][    T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36
[  794.268220][    T8] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  794.287131][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  794.311996][    T8] usb 1-1: Product: syz
[  794.325001][    T8] usb 1-1: Manufacturer: syz
[  794.335506][    T8] usb 1-1: SerialNumber: syz
[  794.368194][    T8] usb 1-1: config 0 descriptor??
[  794.406692][T11291] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  794.422279][    T8] hub 1-1:0.0: bad descriptor, ignoring hub
[  794.428280][    T8] hub 1-1:0.0: probe with driver hub failed with error -5
[  794.472976][    T8] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input6
[  794.588300][T11316] netlink: 200 bytes leftover after parsing attributes in process `syz.4.1571'.
[  794.593147][T11312] vivid-002: =================  START STATUS  =================
[  794.610752][T11312] vivid-002: Radio HW Seek Mode: Bounded
[  794.670565][T11312] vivid-002: Radio Programmable HW Seek: false
[  794.676830][T11312] vivid-002: RDS Rx I/O Mode: Block I/O
[  794.739210][T11312] vivid-002: Generate RBDS Instead of RDS: false
[  794.781011][ T6045] usb 1-1: USB disconnect, device number 12
[  794.781197][    C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  794.800679][T11312] vivid-002: RDS Reception: true
[  794.812556][T11312] vivid-002: RDS Program Type: 0 inactive
[  794.849756][T11312] vivid-002: RDS PS Name:  inactive
[  794.873697][T11312] vivid-002: RDS Radio Text:  inactive
[  794.891306][T11312] vivid-002: RDS Traffic Announcement: false inactive
[  794.901547][T11312] vivid-002: RDS Traffic Program: false inactive
[  794.950901][T11312] vivid-002: RDS Music: 
[  794.951481][T11329] loop4: detected capacity change from 0 to 1024
[  794.979520][T11312] false inactive
[  794.998073][T11312] vivid-002: ==================  END STATUS  ==================
[  795.001495][T11329] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  796.116502][T11333] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  796.385643][T11344] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1579'.
[  796.411090][ T9177] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  796.671720][T11353] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  796.716137][T11355] netlink: 200 bytes leftover after parsing attributes in process `syz.0.1584'.
[  796.995644][   T29] audit: type=1804 audit(1727918994.811:34): pid=11364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1586" name="/newroot/150/file0" dev="fuse" ino=1 res=1 errno=0
[  797.032207][   T29] audit: type=1800 audit(1727918994.851:35): pid=11364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1586" name="/" dev="fuse" ino=1 res=0 errno=0
[  797.060823][   T29] audit: type=1804 audit(1727918994.861:36): pid=11360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1586" name="/newroot/150/file0" dev="fuse" ino=1 res=1 errno=0
[  797.600970][  T117] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  797.605009][T11379] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1594'.
[  797.770456][  T117] usb 1-1: Using ep0 maxpacket: 8
[  797.777325][  T117] usb 1-1: config index 0 descriptor too short (expected 5924, got 36)
[  797.786442][  T117] usb 1-1: config 250 has an invalid interface number: 228 but max is -1
[  797.800815][  T117] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0
[  797.832438][  T117] usb 1-1: config 250 has no interface number 0
[  797.838872][  T117] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  797.865286][  T117] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  797.906857][  T117] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  797.955856][  T117] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  798.004447][  T117] usb 1-1: config 250 interface 228 has no altsetting 0
[  798.044125][  T117] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  798.066121][  T117] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  798.082006][  T117] usb 1-1: Product: syz
[  798.104869][  T117] usb 1-1: SerialNumber: syz
[  798.161939][  T117] hub 1-1:250.228: bad descriptor, ignoring hub
[  798.171594][  T117] hub 1-1:250.228: probe with driver hub failed with error -5
[  798.357018][  T117] usblp 1-1:250.228: usblp0: USB Bidirectional printer dev 13 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  798.380966][T11400] netlink: 16126 bytes leftover after parsing attributes in process `syz.2.1601'.
[  798.395943][T11400] netlink: 183228 bytes leftover after parsing attributes in process `syz.2.1601'.
[  798.512591][T11402] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  798.718845][T11410] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1606'.
[  798.896137][T11417] loop1: detected capacity change from 0 to 16
[  798.908189][T11417] erofs: (device loop1): mounted with root inode @ nid 36.
[  799.026874][T11375] usb 1-1: reset high-speed USB device number 13 using dummy_hcd
[  799.238857][T11423] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36
[  799.258824][T11423] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -23 in[64, 4032] out[1851]
[  799.270682][T11423] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36
[  800.196227][T11433] fuse: Bad value for 'user_id'
[  800.206718][T11433] fuse: Bad value for 'user_id'
[  800.235397][    C0] usblp0: nonzero read bulk status received: -71
[  800.409384][T11439] bond_slave_0: entered promiscuous mode
[  800.416822][T11439] bond_slave_1: entered promiscuous mode
[  800.423827][T11439] macvlan2: entered promiscuous mode
[  800.448790][T11440] vivid-000: =================  START STATUS  =================
[  800.459615][T11439] bond0: entered promiscuous mode
[  800.470453][T11440] vivid-000: Radio HW Seek Mode: Bounded
[  800.476272][T11440] vivid-000: Radio Programmable HW Seek: false
[  800.485221][T11439] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  800.494618][T11440] vivid-000: RDS Rx I/O Mode: Block I/O
[  800.502622][    T9] usb 1-1: USB disconnect, device number 13
[  800.521731][    T9] usblp0: removed
[  800.548659][T11440] vivid-000: Generate RBDS Instead of RDS: false
[  800.574726][T11440] vivid-000: RDS Reception: true
[  800.639670][T11440] vivid-000: RDS Program Type: 0 inactive
[  800.654772][T11440] vivid-000: RDS PS Name:  inactive
[  800.661302][T11440] vivid-000: RDS Radio Text:  inactive
[  800.667850][T11440] vivid-000: RDS Traffic Announcement: false inactive
[  800.701668][T11447] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1618'.
[  800.711095][T11440] vivid-000: RDS Traffic Program: false inactive
[  800.721787][T11440] vivid-000: RDS Music: false inactive
[  800.731366][T11440] vivid-000: ==================  END STATUS  ==================
[  801.008148][T11456] netlink: 16126 bytes leftover after parsing attributes in process `syz.4.1621'.
[  801.021597][T11456] netlink: 183228 bytes leftover after parsing attributes in process `syz.4.1621'.
[  801.289230][T11463] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  802.090703][T11477] bond_slave_0: entered promiscuous mode
[  802.096403][T11477] bond_slave_1: entered promiscuous mode
[  802.170730][T11477] macvlan2: entered promiscuous mode
[  802.186640][T11477] bond0: entered promiscuous mode
[  802.244922][T11477] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  802.406443][T11481] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1631'.
[  802.585257][T11494] netlink: 200 bytes leftover after parsing attributes in process `syz.3.1636'.
[  802.702025][T11498] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.1638'.
[  802.718237][T11498] netlink: 183228 bytes leftover after parsing attributes in process `syz.3.1638'.
[  802.976429][T11506] loop3: detected capacity change from 0 to 1024
[  803.026996][T11511] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1643'.
[  803.053793][T11506] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  803.260716][T11514] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  803.856508][T11521] netlink: 'syz.4.1645': attribute type 3 has an invalid length.
[  804.078474][ T9157] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  804.141078][T11528] loop2: detected capacity change from 0 to 256
[  804.181187][T11528] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xff6f124c, utbl_chksum : 0xe619d30d)
[  805.074305][T11524] vivid-003: =================  START STATUS  =================
[  805.082078][ T6045] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  805.222585][T11524] vivid-003: Radio HW Seek Mode: Bounded
[  805.270603][T11524] vivid-003: Radio Programmable HW Seek: false
[  805.310472][T11524] vivid-003: RDS Rx I/O Mode: Block I/O
[  805.316576][T11524] vivid-003: Generate RBDS Instead of RDS: false
[  805.324206][T11524] vivid-003: RDS Reception: true
[  805.329234][T11524] vivid-003: RDS Program Type: 0 inactive
[  805.335601][T11524] vivid-003: RDS PS Name:  inactive
[  805.341107][ T6045] usb 5-1: Using ep0 maxpacket: 16
[  805.347420][T11524] vivid-003: RDS Radio Text:  inactive
[  805.354717][T11524] vivid-003: RDS Traffic Announcement: false inactive
[  805.355100][ T6045] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  805.392151][ T6045] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  805.407045][T11524] 
[  805.409516][T11524] vivid-003: RDS Traffic Program: false inactive
[  805.416489][ T6045] usb 5-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  805.426232][T11524] vivid-003: RDS Music: false inactive
[  805.433621][ T6045] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  805.442782][T11524] vivid-003: ==================  END STATUS  ==================
[  805.453697][ T6045] usb 5-1: config 0 descriptor??
[  805.632202][T11554] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1656'.
[  805.669210][T11554] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1656'.
[  805.812561][T11563] netlink: 200 bytes leftover after parsing attributes in process `syz.1.1659'.
[  805.871839][ T6045] waltop 0003:172F:0037.000B: item fetching failed at offset 4/6
[  805.887521][ T6045] waltop 0003:172F:0037.000B: probe with driver waltop failed with error -22
[  806.071152][T11571] loop1: detected capacity change from 0 to 256
[  806.079737][ T6045] usb 5-1: USB disconnect, device number 18
[  806.106428][T11571] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xff6f124c, utbl_chksum : 0xe619d30d)
[  807.306952][T11587] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1669'.
[  807.337653][T11587] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1669'.
[  807.382748][T11593] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.1671'.
[  807.406156][T11593] netlink: 183228 bytes leftover after parsing attributes in process `syz.0.1671'.
[  808.023351][T11619] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1680'.
[  808.086771][T11620] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1680'.
[  808.240144][T11623] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1681'.
[  808.922920][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  808.929280][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  810.999358][ T7973] Bluetooth: hci2: command 0x0406 tx timeout
[  811.010498][ T5235] Bluetooth: hci0: command 0x0c20 tx timeout
[  812.432850][ T5240] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  812.441939][ T5240] Bluetooth: hci2: Injecting HCI hardware error event
[  812.456090][ T5231] Bluetooth: hci2: hardware error 0x00
[  812.958303][T11692] loop0: detected capacity change from 0 to 128
[  813.854130][T11692] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  813.978515][T11692] ext4 filesystem being mounted at /160/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  814.493455][T11714] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1705'.
[  815.173665][ T9265] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  815.308988][T11730] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1716'.
[  815.714590][ T5231] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  815.742401][T11745] netlink: 'syz.0.1721': attribute type 29 has an invalid length.
[  816.089463][T11747] netlink: 'syz.0.1721': attribute type 29 has an invalid length.
[  816.133580][ T5231] Bluetooth: hci1: command 0x0406 tx timeout
[  816.600118][T11751] loop3: detected capacity change from 0 to 128
[  816.681613][T11751] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  816.702983][T11751] ext4 filesystem being mounted at /166/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  816.712331][T11768] netlink: 'syz.0.1729': attribute type 29 has an invalid length.
[  816.754874][T11768] netlink: 'syz.0.1729': attribute type 29 has an invalid length.
[  816.766476][T11768] netlink: 'syz.0.1729': attribute type 29 has an invalid length.
[  816.788008][T11768] netlink: 'syz.0.1729': attribute type 29 has an invalid length.
[  817.099755][T11777] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1725'.
[  817.712865][ T9157] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  817.820487][    T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  820.658323][T11794] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1736'.
[  820.684922][T11794] wireguard0: entered promiscuous mode
[  820.690864][T11794] wireguard0: entered allmulticast mode
[  820.862984][T11804] loop4: detected capacity change from 0 to 16
[  820.878070][T11804] erofs: (device loop4): mounted with root inode @ nid 36.
[  820.999855][T11806] syz.2.1741[11806] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  820.999962][T11806] syz.2.1741[11806] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  821.018773][T11806] syz.2.1741[11806] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  821.224864][T11811] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36
[  821.284629][T11811] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -23 in[64, 4032] out[1851]
[  821.308742][T11811] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 43 of nid 36
[  823.000149][T11847] fuse: Unknown parameter 'user_i00000000000000000000'
[  823.007876][T11849] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1757'.
[  823.060550][    T9] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  823.086059][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  823.086255][T11849] wireguard0: entered promiscuous mode
[  823.117268][T11849] wireguard0: entered allmulticast mode
[  823.210486][    T9] usb 4-1: Using ep0 maxpacket: 16
[  823.287042][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  823.303620][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  823.320855][T11857] netlink: 'syz.2.1760': attribute type 10 has an invalid length.
[  823.331381][    T9] usb 4-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  823.350288][T11857] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1760'.
[  823.360671][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  823.381135][    T9] usb 4-1: config 0 descriptor??
[  823.407456][T11857] bridge0: port 3(syz_tun) entered blocking state
[  823.438622][T11857] bridge0: port 3(syz_tun) entered disabled state
[  823.468554][T11857] syz_tun: entered allmulticast mode
[  823.503038][T11857] syz_tun: entered promiscuous mode
[  823.532909][T11857] bridge0: port 3(syz_tun) entered blocking state
[  823.539773][T11857] bridge0: port 3(syz_tun) entered forwarding state
[  823.607703][T11862] netlink: 'syz.2.1760': attribute type 10 has an invalid length.
[  823.633775][T11862] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1760'.
[  823.681233][T11862] bridge0: port 4(batadv0) entered blocking state
[  823.688097][T11862] bridge0: port 4(batadv0) entered disabled state
[  823.705249][T11862] batadv0: entered allmulticast mode
[  823.718846][T11862] batadv0: entered promiscuous mode
[  823.729712][T11862] bridge0: port 4(batadv0) entered blocking state
[  823.736345][T11862] bridge0: port 4(batadv0) entered forwarding state
[  823.814498][    T9] waltop 0003:172F:0037.000C: item fetching failed at offset 4/6
[  823.833205][    T9] waltop 0003:172F:0037.000C: probe with driver waltop failed with error -22
[  823.863094][ T6054] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  823.873260][ T6054] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  823.956139][T11878] fuse: Unknown parameter 'user_id00000000000000000000'
[  824.018619][    T9] usb 4-1: USB disconnect, device number 21
[  824.756257][T11902] loop3: detected capacity change from 0 to 16
[  824.807256][T11902] erofs: (device loop3): mounted with root inode @ nid 36.
[  824.813701][T11905] fuse: Unknown parameter 'user_id00000000000000000000'
[  825.090616][T11902] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36
[  825.102523][T11902] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -23 in[64, 4032] out[1851]
[  825.113583][T11902] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36
[  825.322958][T11918] bond0: entered promiscuous mode
[  825.329242][T11918] bond_slave_0: entered promiscuous mode
[  825.341179][T11918] bond_slave_1: entered promiscuous mode
[  825.837393][T11938] fuse: Unknown parameter 'user_id00000000000000000000'
[  826.149954][T11946] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1797'.
[  826.168739][T11952] loop2: detected capacity change from 0 to 512
[  826.179161][T11952] EXT4-fs (loop2): Test dummy encryption mode enabled
[  826.223892][T11952] EXT4-fs error (device loop2): __ext4_fill_super:5458: inode #2: comm syz.2.1799: casefold flag without casefold feature
[  826.272671][T11952] EXT4-fs (loop2): get root inode failed
[  826.279961][T11952] EXT4-fs (loop2): mount failed
[  826.584405][T11959] netlink: 'syz.3.1802': attribute type 10 has an invalid length.
[  826.594061][T11959] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1802'.
[  826.605676][T11959] bridge0: port 3(batadv0) entered blocking state
[  826.612555][T11959] bridge0: port 3(batadv0) entered disabled state
[  826.619392][T11959] batadv0: entered allmulticast mode
[  826.626287][T11959] batadv0: entered promiscuous mode
[  826.634742][T11959] bridge0: port 3(batadv0) entered blocking state
[  826.641349][T11959] bridge0: port 3(batadv0) entered forwarding state
[  827.013930][ T6032] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  827.023283][ T6032] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  827.355103][T11977] fuse: Bad value for 'fd'
[  827.503142][T11980] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  831.529830][T12004] netlink: 'syz.1.1817': attribute type 10 has an invalid length.
[  831.575116][T12004] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1817'.
[  831.651588][T12004] bridge0: port 3(batadv0) entered blocking state
[  831.698449][T12007] fuse: Bad value for 'fd'
[  831.703503][T12004] bridge0: port 3(batadv0) entered disabled state
[  831.710155][T12004] batadv0: entered allmulticast mode
[  831.724269][T12004] batadv0: entered promiscuous mode
[  831.730036][T12004] bridge0: port 3(batadv0) entered blocking state
[  831.736771][T12004] bridge0: port 3(batadv0) entered forwarding state
[  832.031596][ T6054] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  832.041257][ T6054] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  832.162844][T12028] loop0: detected capacity change from 0 to 128
[  832.289357][T12034] pim6reg1: entered promiscuous mode
[  832.310544][T12034] pim6reg1: entered allmulticast mode
[  832.770069][T12043] fuse: Bad value for 'fd'
[  832.862404][T12045] loop4: detected capacity change from 0 to 1024
[  832.918982][T12045] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  832.988479][T12041] loop3: detected capacity change from 0 to 40427
[  832.997683][T12045] ext4 filesystem being mounted at /187/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  833.009404][T12041] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  833.017305][T12041] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  833.072540][T12041] F2FS-fs (loop3): Found nat_bits in checkpoint
[  833.095679][T12055] netlink: 'syz.2.1835': attribute type 10 has an invalid length.
[  833.113535][T12055] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1835'.
[  833.148422][T12055] netlink: 'syz.2.1835': attribute type 10 has an invalid length.
[  833.175130][T12055] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1835'.
[  833.347266][T12062] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1839'.
[  833.421890][T12041] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  833.460706][T12041] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  833.711470][ T9177] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  833.763065][T12075] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1844'.
[  833.833135][T12076] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1844'.
[  834.104111][T12083] fuse: Unknown parameter '00000000000000000000003'
[  834.330839][T12089] netlink: 'syz.4.1850': attribute type 10 has an invalid length.
[  834.364489][T12089] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1850'.
[  834.450479][T12089] bridge0: port 3(syz_tun) entered blocking state
[  834.472223][T12089] bridge0: port 3(syz_tun) entered disabled state
[  834.544754][T12089] syz_tun: entered allmulticast mode
[  834.585198][T12089] syz_tun: entered promiscuous mode
[  834.623612][T12089] bridge0: port 3(syz_tun) entered blocking state
[  834.630273][T12089] bridge0: port 3(syz_tun) entered forwarding state
[  834.712419][T12093] netlink: 'syz.4.1850': attribute type 10 has an invalid length.
[  834.751124][T12093] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1850'.
[  834.816012][T12093] bridge0: port 4(batadv0) entered blocking state
[  834.849369][T12093] bridge0: port 4(batadv0) entered disabled state
[  834.885532][T12097] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1851'.
[  834.896216][T12093] batadv0: entered allmulticast mode
[  834.908366][T12093] batadv0: entered promiscuous mode
[  834.915242][T12093] bridge0: port 4(batadv0) entered blocking state
[  834.921848][T12093] bridge0: port 4(batadv0) entered forwarding state
[  835.156710][ T5999] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  835.166108][ T5999] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  835.214143][T12107] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1856'.
[  835.326281][T12113] netlink: 'syz.3.1858': attribute type 29 has an invalid length.
[  835.361827][T12113] netlink: 'syz.3.1858': attribute type 29 has an invalid length.
[  835.533352][T12124] fuse: Unknown parameter '00000000000000000000003'
[  836.187442][T12149] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  836.961844][T12157] fuse: Unknown parameter '00000000000000000000003'
[  837.010408][T12159] netlink: 'syz.3.1874': attribute type 29 has an invalid length.
[  837.129359][T12164] netlink: 'syz.3.1874': attribute type 29 has an invalid length.
[  838.382492][T12186] loop3: detected capacity change from 0 to 512
[  838.541453][T12192] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  838.795188][T12186] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  838.841537][T12186] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  839.157111][T12186] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8042c01c, mo2=0002]
[  839.204877][T12186] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1138: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  839.285620][T12186] EXT4-fs (loop3): 1 truncate cleaned up
[  839.343155][T12186] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  839.613440][ T9157] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  839.890125][T12222] netlink: 'syz.4.1900': attribute type 29 has an invalid length.
[  839.906854][T12222] netlink: 'syz.4.1900': attribute type 29 has an invalid length.
[  840.607291][T12235] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  841.759810][T12248] loop0: detected capacity change from 0 to 2048
[  841.816168][T12248] EXT4-fs error (device loop0): ext4_orphan_get:1414: comm syz.0.1905: bad orphan inode 8192
[  841.881383][T12248] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  841.938953][T12257] netlink: 'syz.3.1907': attribute type 10 has an invalid length.
[  841.977801][T12257] __nla_validate_parse: 2 callbacks suppressed
[  841.977822][T12257] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1907'.
[  842.086053][T12257] bridge0: port 4(syz_tun) entered blocking state
[  842.095484][T12257] bridge0: port 4(syz_tun) entered disabled state
[  842.159557][T12257] syz_tun: entered allmulticast mode
[  842.218263][T12257] syz_tun: entered promiscuous mode
[  842.239194][T12257] bridge0: port 4(syz_tun) entered blocking state
[  842.245959][T12257] bridge0: port 4(syz_tun) entered forwarding state
[  842.274261][T12265] netlink: 'syz.2.1911': attribute type 29 has an invalid length.
[  842.289119][T12269] netlink: 'syz.2.1911': attribute type 29 has an invalid length.
[  842.328650][T12268] netlink: 'syz.3.1907': attribute type 10 has an invalid length.
[  842.350835][T12268] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1907'.
[  842.492064][    T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  842.618831][T12278] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  843.248008][ T9265] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  843.351883][    T9] usb 5-1: Using ep0 maxpacket: 16
[  843.400777][    T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  843.408838][    T9] usb 5-1: config 0 has no interface number 0
[  843.447936][    T9] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  843.477976][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  843.508262][    T9] usb 5-1: Product: syz
[  843.561015][    T9] usb 5-1: Manufacturer: syz
[  843.580465][    T9] usb 5-1: SerialNumber: syz
[  844.318998][    T9] usb 5-1: config 0 descriptor??
[  844.337009][    T9] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  844.505823][T12299] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1921'.
[  844.681905][T12308] netlink: 'syz.0.1925': attribute type 29 has an invalid length.
[  844.691406][T12308] netlink: 'syz.0.1925': attribute type 29 has an invalid length.
[  844.768234][T12310] binder: BINDER_SET_CONTEXT_MGR already set
[  844.774958][T12310] binder: 12309:12310 ioctl 4018620d 200001c0 returned -16
[  844.783164][T12310] binder: 12309:12310 ioctl c0306201 0 returned -14
[  844.891616][    T9] gspca_spca1528: reg_w err -110
[  844.920838][    T9] spca1528 5-1:0.1: probe with driver spca1528 failed with error -110
[  845.010064][    T9] usb 5-1: USB disconnect, device number 19
[  845.461704][T12318] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  846.683498][T12327] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1931'.
[  847.711596][T12335] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1933'.
[  847.887537][T12340] netlink: 'syz.3.1936': attribute type 29 has an invalid length.
[  847.913257][T12340] netlink: 'syz.3.1936': attribute type 29 has an invalid length.
[  848.027570][T12342] binder: BINDER_SET_CONTEXT_MGR already set
[  848.068723][T12346] fuse: Unknown parameter 'user_id00000000000000000000'
[  848.076177][T12342] binder: 12341:12342 ioctl 4018620d 200001c0 returned -16
[  848.237539][T12349] loop1: detected capacity change from 0 to 512
[  848.314613][T12349] EXT4-fs (loop1): Test dummy encryption mode enabled
[  848.331528][T12349] EXT4-fs error (device loop1): __ext4_fill_super:5458: inode #2: comm syz.1.1940: casefold flag without casefold feature
[  848.371367][T12349] EXT4-fs (loop1): get root inode failed
[  848.381266][T12349] EXT4-fs (loop1): mount failed
[  848.582213][T12352] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1941'.
[  849.170481][ T7951] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  849.266447][T12368] loop0: detected capacity change from 0 to 512
[  849.389652][T12368] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  849.413804][T12375] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1946'.
[  849.429086][ T7951] usb 5-1: Using ep0 maxpacket: 16
[  849.437485][ T7951] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  849.445961][ T7951] usb 5-1: config 0 has no interface number 0
[  849.453405][T12368] ext4 filesystem being mounted at /209/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  849.523299][ T7951] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  849.532800][ T7951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  849.542029][ T7951] usb 5-1: Product: syz
[  849.556841][ T7951] usb 5-1: Manufacturer: syz
[  849.567774][ T7951] usb 5-1: SerialNumber: syz
[  849.619145][ T7951] usb 5-1: config 0 descriptor??
[  849.673811][T12378] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1947'.
[  849.706496][ T7951] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  850.475335][ T7951] gspca_spca1528: reg_w err -71
[  850.490496][ T7951] spca1528 5-1:0.1: probe with driver spca1528 failed with error -71
[  850.500135][ T7951] usb 5-1: USB disconnect, device number 20
[  850.528067][ T9265] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  850.699082][T12396] fuse: Unknown parameter 'user_id00000000000000000000'
[  851.553139][T12417] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1962'.
[  852.381836][ T5240] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0
[  852.391456][ T5240] Bluetooth: hci6: Injecting HCI hardware error event
[  852.932250][ T5240] Bluetooth: hci6: hardware error 0x00
[  855.390614][ T5240] Bluetooth: hci6: Opcode 0x0c03 failed: -110
[  855.443499][T12432] fuse: Unknown parameter 'user_id00000000000000000000'
[  855.949710][T12448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1973'.
[  856.108817][ T5279] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  856.136737][T12448] wireguard1: entered promiscuous mode
[  856.147014][T12448] wireguard1: entered allmulticast mode
[  856.188169][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  856.270751][ T5279] usb 2-1: Using ep0 maxpacket: 16
[  856.278138][ T5279] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  856.286914][ T5279] usb 2-1: config 0 has no interface number 0
[  856.333699][ T5279] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  856.344499][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  856.374697][ T5279] usb 2-1: Product: syz
[  856.388470][ T5279] usb 2-1: Manufacturer: syz
[  856.406475][ T5279] usb 2-1: SerialNumber: syz
[  856.425554][ T5279] usb 2-1: config 0 descriptor??
[  856.437385][ T5279] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  856.489413][T12458] fuse: Unknown parameter 'group_id00000000000000000000'
[  856.791456][ T5279] gspca_spca1528: reg_w err -71
[  856.830555][ T5279] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71
[  856.872780][ T5279] usb 2-1: USB disconnect, device number 13
[  858.221371][T12474] fuse: Bad value for 'fd'
[  858.422213][T12484] fuse: Bad value for 'user_id'
[  858.440467][T12484] fuse: Bad value for 'user_id'
[  858.723080][T12494] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1988'.
[  858.732387][T12494] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1988'.
[  858.774310][   T29] audit: type=1326 audit(1727919056.591:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12464 comm="syz.0.1979" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f32cf37dff9 code=0x0
[  859.023961][T12499] netlink: 'syz.2.1992': attribute type 29 has an invalid length.
[  859.042700][T12499] netlink: 'syz.2.1992': attribute type 29 has an invalid length.
[  859.700755][T12512] fuse: Bad value for 'fd'
[  859.932838][ T5279] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  860.101433][ T5279] usb 3-1: Using ep0 maxpacket: 16
[  860.116262][ T5279] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  860.130548][ T5279] usb 3-1: config 0 has no interface number 0
[  860.148671][ T5279] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  860.172848][ T5279] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.216649][ T5279] usb 3-1: Product: syz
[  860.223650][ T5279] usb 3-1: Manufacturer: syz
[  860.228257][ T5279] usb 3-1: SerialNumber: syz
[  860.256298][ T5279] usb 3-1: config 0 descriptor??
[  860.301831][ T5279] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  860.514473][ T5279] gspca_spca1528: reg_w err -71
[  860.582104][ T5279] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71
[  860.652981][ T5279] usb 3-1: USB disconnect, device number 20
[  861.577416][ T5231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  861.589112][ T5231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  861.598012][ T5231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  861.606721][ T5231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  861.615406][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  861.624029][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  861.672350][T12537] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2005'.
[  863.163480][T12544] fuse: Bad value for 'fd'
[  863.271376][T12550] fuse: Bad value for 'user_id'
[  863.276277][T12550] fuse: Bad value for 'user_id'
[  863.400168][T12532] chnl_net:caif_netlink_parms(): no params data found
[  863.608468][T12565] loop2: detected capacity change from 0 to 2048
[  863.732520][T12565]  loop2: p3 < > p4 < >
[  863.736841][T12565] loop2: partition table partially beyond EOD, truncated
[  863.768413][T12565] loop2: p3 start 4284289 is beyond EOD, truncated
[  863.790513][ T5231] Bluetooth: hci3: command tx timeout
[  863.980397][T12532] bridge0: port 1(bridge_slave_0) entered blocking state
[  863.987620][T12532] bridge0: port 1(bridge_slave_0) entered disabled state
[  864.040647][T12532] bridge_slave_0: entered allmulticast mode
[  864.108482][T12532] bridge_slave_0: entered promiscuous mode
[  864.131791][ T5309] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  864.172987][T12532] bridge0: port 2(bridge_slave_1) entered blocking state
[  864.184043][T12532] bridge0: port 2(bridge_slave_1) entered disabled state
[  864.192141][T12532] bridge_slave_1: entered allmulticast mode
[  864.198960][T12580] loop2: detected capacity change from 0 to 1024
[  864.199590][T12532] bridge_slave_1: entered promiscuous mode
[  864.302359][T12532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  864.311592][T12580] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  864.314927][T12532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  864.389122][T11018] udevd[11018]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  864.406428][T12532] team0: Port device team_slave_0 added
[  864.440576][   T29] audit: type=1326 audit(1727919062.251:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12547 comm="syz.1.2009" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb812f7dff9 code=0x0
[  864.475086][ T5309] usb 1-1: Using ep0 maxpacket: 16
[  864.495736][ T5309] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  864.504938][ T5309] usb 1-1: config 0 has no interface number 0
[  864.517271][ T5309] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  864.533258][T12532] team0: Port device team_slave_1 added
[  864.550410][ T5309] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  864.583320][T12532] batman_adv: batadv0: Adding interface: batadv_slave_0
[  864.592481][ T5309] usb 1-1: Product: syz
[  864.596689][ T5309] usb 1-1: Manufacturer: syz
[  864.633994][T12532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  864.660740][ T5309] usb 1-1: SerialNumber: syz
[  864.685106][ T5309] usb 1-1: config 0 descriptor??
[  864.715275][ T9153] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  864.728596][ T5309] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  864.750375][T12532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  864.793175][T12532] batman_adv: batadv0: Adding interface: batadv_slave_1
[  864.811072][ T9153] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  864.838484][T12532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  864.900647][ T9153] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  864.960560][T12532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  864.972093][ T5309] gspca_spca1528: reg_w err -71
[  865.007731][ T5309] spca1528 1-1:0.1: probe with driver spca1528 failed with error -71
[  865.021551][ T5309] usb 1-1: USB disconnect, device number 15
[  865.150982][ T9153] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  865.165533][ T9153] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  865.203500][ T9153] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  865.279760][ T9153] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  865.291536][ T9153] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  865.303430][ T9153] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  865.317532][ T9153] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  865.362282][T12532] hsr_slave_0: entered promiscuous mode
[  865.431767][T12532] hsr_slave_1: entered promiscuous mode
[  865.591235][T12590] fuse: Bad value for 'fd'
[  865.869501][T12594] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=536872256 (1073744512 ns) > initial count (152 ns). Using initial count to start timer.
[  865.886577][ T5231] Bluetooth: hci3: command tx timeout
[  866.172617][T11074] bridge0: port 3(syz_tun) entered disabled state
[  866.471774][T11074] syz_tun (unregistering): left allmulticast mode
[  866.492039][T11074] syz_tun (unregistering): left promiscuous mode
[  866.498743][T11074] bridge0: port 3(syz_tun) entered disabled state
[  867.323670][T11074] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  867.614561][T12532] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  867.898168][   T79] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  867.967471][ T5231] Bluetooth: hci3: command tx timeout
[  869.497518][T12532] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  870.032114][ T5231] Bluetooth: hci3: command tx timeout
[  870.363355][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  870.370275][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  871.370868][ T5240] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  871.546575][ T5240] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  871.558353][ T5240] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  871.568261][ T5240] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  871.594865][   T79] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  871.793493][   T79] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  871.810653][ T5240] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  871.817939][ T5240] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  872.159571][T12532] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  872.272843][   T79] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  872.404124][T12532] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  872.456946][T12637] netlink: 'syz.1.2037': attribute type 10 has an invalid length.
[  872.465897][T12637] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2037'.
[  874.090558][ T5240] Bluetooth: hci4: command tx timeout
[  874.367513][   T79] batadv0: left allmulticast mode
[  874.386115][   T79] batadv0: left promiscuous mode
[  874.398855][   T79] bridge0: port 4(batadv0) entered disabled state
[  874.472700][   T79] bridge_slave_1: left allmulticast mode
[  874.537516][   T79] bridge_slave_1: left promiscuous mode
[  874.579140][   T79] bridge0: port 2(bridge_slave_1) entered disabled state
[  874.638098][   T79] bridge_slave_0: left allmulticast mode
[  874.648504][   T79] bridge_slave_0: left promiscuous mode
[  874.669810][   T79] bridge0: port 1(bridge_slave_0) entered disabled state
[  876.120652][ T5240] Bluetooth: hci4: command tx timeout
[  877.723091][   T79] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  877.736554][   T79] bond_slave_0: left promiscuous mode
[  877.906601][   T79] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  877.976813][   T79] bond_slave_1: left promiscuous mode
[  877.988616][   T79] bond0 (unregistering): Released all slaves
[  878.029789][   T79] bond1 (unregistering): Released all slaves
[  878.133840][   T79] bond2 (unregistering): Released all slaves
[  878.171995][   T79] bond3 (unregistering): Released all slaves
[  878.190627][ T5231] Bluetooth: hci4: command tx timeout
[  878.300928][ T5240] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  878.371201][T12532] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  878.421983][ T5240] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  878.434611][ T5240] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  878.446985][ T5240] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  878.472889][ T5240] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  878.483339][ T5240] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  878.571798][T12532] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  878.773186][T12532] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  878.905029][T12532] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  879.573529][   T79] hsr_slave_0: left promiscuous mode
[  879.626726][   T79] hsr_slave_1: left promiscuous mode
[  879.652107][   T79] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  879.659587][   T79] batman_adv: batadv0: Removing interface: batadv_slave_0
[  879.731429][   T79] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  879.738852][   T79] batman_adv: batadv0: Removing interface: batadv_slave_1
[  879.896218][   T79] veth1_macvtap: left promiscuous mode
[  879.930496][   T79] veth0_macvtap: left promiscuous mode
[  879.954664][   T79] veth1_vlan: left promiscuous mode
[  879.970917][   T79] veth0_vlan: left promiscuous mode
[  880.270556][ T5240] Bluetooth: hci4: command tx timeout
[  880.592174][ T5240] Bluetooth: hci5: command tx timeout
[  881.402632][   T79] team0 (unregistering): Port device team_slave_1 removed
[  881.561573][   T79] team0 (unregistering): Port device team_slave_0 removed
[  882.670689][ T5240] Bluetooth: hci5: command tx timeout
[  882.872138][T12532] 8021q: adding VLAN 0 to HW filter on device bond0
[  882.897913][T12532] 8021q: adding VLAN 0 to HW filter on device team0
[  882.935868][ T5999] bridge0: port 1(bridge_slave_0) entered blocking state
[  882.943014][ T5999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  883.091730][ T5999] bridge0: port 2(bridge_slave_1) entered blocking state
[  883.098859][ T5999] bridge0: port 2(bridge_slave_1) entered forwarding state
[  883.186504][T12623] chnl_net:caif_netlink_parms(): no params data found
[  885.554746][ T5240] Bluetooth: hci5: command tx timeout
[  885.818221][T12756] overlayfs: missing 'lowerdir'
[  885.956782][T12623] bridge0: port 1(bridge_slave_0) entered blocking state
[  885.966667][T12623] bridge0: port 1(bridge_slave_0) entered disabled state
[  885.980068][T12623] bridge_slave_0: entered allmulticast mode
[  886.019136][T12623] bridge_slave_0: entered promiscuous mode
[  886.120295][T12412] bridge0: port 3(syz_tun) entered disabled state
[  886.255932][T12412] syz_tun (unregistering): left allmulticast mode
[  886.272664][T12412] syz_tun (unregistering): left promiscuous mode
[  886.279083][T12412] bridge0: port 3(syz_tun) entered disabled state
[  886.328240][T12623] bridge0: port 2(bridge_slave_1) entered blocking state
[  886.335536][T12623] bridge0: port 2(bridge_slave_1) entered disabled state
[  886.342856][T12623] bridge_slave_1: entered allmulticast mode
[  886.349937][T12623] bridge_slave_1: entered promiscuous mode
[  886.376105][T12691] chnl_net:caif_netlink_parms(): no params data found
[  886.517361][T12623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  886.529939][T12775] loop1: detected capacity change from 0 to 128
[  886.612414][T12532] 8021q: adding VLAN 0 to HW filter on device batadv0
[  886.643007][T12623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  886.809397][T12691] bridge0: port 1(bridge_slave_0) entered blocking state
[  886.820877][T12691] bridge0: port 1(bridge_slave_0) entered disabled state
[  886.837022][T12691] bridge_slave_0: entered allmulticast mode
[  886.844451][T12691] bridge_slave_0: entered promiscuous mode
[  886.852649][T12691] bridge0: port 2(bridge_slave_1) entered blocking state
[  886.859815][T12691] bridge0: port 2(bridge_slave_1) entered disabled state
[  886.867191][T12691] bridge_slave_1: entered allmulticast mode
[  886.874475][T12691] bridge_slave_1: entered promiscuous mode
[  886.909647][T12623] team0: Port device team_slave_0 added
[  886.920077][T12623] team0: Port device team_slave_1 added
[  886.937009][   T79] batadv0: left allmulticast mode
[  886.946142][   T79] batadv0: left promiscuous mode
[  886.960558][   T79] bridge0: port 4(batadv0) entered disabled state
[  886.973708][   T79] bridge_slave_1: left allmulticast mode
[  886.987449][   T79] bridge_slave_1: left promiscuous mode
[  887.006204][   T79] bridge0: port 2(bridge_slave_1) entered disabled state
[  887.025106][   T79] bridge_slave_0: left allmulticast mode
[  887.031285][   T79] bridge_slave_0: left promiscuous mode
[  887.037043][   T79] bridge0: port 1(bridge_slave_0) entered disabled state
[  887.642894][ T5240] Bluetooth: hci5: command tx timeout
[  888.212866][   T79] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  888.230833][   T79] bond_slave_0: left promiscuous mode
[  888.240233][   T79] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  888.251334][   T79] bond_slave_1: left promiscuous mode
[  888.258794][   T79] bond0 (unregistering): Released all slaves
[  888.291621][T12691] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  888.314844][T12691] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  888.607161][T12799] hub 6-0:1.0: USB hub found
[  888.620762][T12799] hub 6-0:1.0: 1 port detected
[  889.217048][T12691] team0: Port device team_slave_0 added
[  889.348429][T12623] batman_adv: batadv0: Adding interface: batadv_slave_0
[  889.355757][T12623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  889.386840][T12623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  889.416828][T12691] team0: Port device team_slave_1 added
[  889.496617][T12623] batman_adv: batadv0: Adding interface: batadv_slave_1
[  889.510489][T12623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  889.590688][T12623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  889.644504][T12691] batman_adv: batadv0: Adding interface: batadv_slave_0
[  889.690365][T12691] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  889.770373][T12691] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  889.996569][T12691] batman_adv: batadv0: Adding interface: batadv_slave_1
[  890.025371][T12691] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  890.072787][T12691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  890.170956][   T79] hsr_slave_0: left promiscuous mode
[  890.177016][   T79] hsr_slave_1: left promiscuous mode
[  890.197003][   T79] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  890.211013][   T79] batman_adv: batadv0: Removing interface: batadv_slave_0
[  890.235604][   T79] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  890.247753][   T79] batman_adv: batadv0: Removing interface: batadv_slave_1
[  890.277780][   T79] veth1_macvtap: left promiscuous mode
[  890.283610][   T79] veth0_macvtap: left promiscuous mode
[  890.289259][   T79] veth1_vlan: left promiscuous mode
[  890.297464][   T79] veth0_vlan: left promiscuous mode
[  890.829710][   T79] team0 (unregistering): Port device team_slave_1 removed
[  890.886983][   T79] team0 (unregistering): Port device team_slave_0 removed
[  891.400026][T12623] hsr_slave_0: entered promiscuous mode
[  891.406824][T12623] hsr_slave_1: entered promiscuous mode
[  891.415032][T12623] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  891.424560][T12623] Cannot create hsr debugfs directory
[  891.564484][T12691] hsr_slave_0: entered promiscuous mode
[  891.574716][T12691] hsr_slave_1: entered promiscuous mode
[  891.582070][T12691] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  891.589676][T12691] Cannot create hsr debugfs directory
[  891.648564][T12532] veth0_vlan: entered promiscuous mode
[  891.660520][T12532] veth1_vlan: entered promiscuous mode
[  891.684419][T12532] veth0_macvtap: entered promiscuous mode
[  891.693669][T12532] veth1_macvtap: entered promiscuous mode
[  891.899481][T12532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  891.930442][T12532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  891.950270][T12532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  891.962560][T12532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  891.972502][T12532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  891.983121][T12532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  891.996369][T12532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  892.007573][T12532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  892.027308][T12532] batman_adv: batadv0: Interface activated: batadv_slave_0
[  892.237163][T12532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  892.262022][T12532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  892.277179][T12532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  892.295723][T12532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  892.308412][T12532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  892.327540][T12532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  892.337866][T12532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  892.350519][T12532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  892.363449][T12532] batman_adv: batadv0: Interface activated: batadv_slave_1
[  892.468722][T12532] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  892.481856][T12532] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  892.490924][T12532] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  892.499668][T12532] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  892.669723][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  892.710589][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  892.888338][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  892.904901][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  893.044926][T12691] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.314169][T12691] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.605569][T12691] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.754000][T12849] loop1: detected capacity change from 0 to 256
[  893.822381][T12849] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  893.836323][T12849] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  893.864956][T12691] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.883314][T12847] loop3: detected capacity change from 0 to 40427
[  893.909676][T12847] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  893.935879][T12847] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  893.982520][T12847] F2FS-fs (loop3): Found nat_bits in checkpoint
[  894.196437][T12691] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  894.221413][T12847] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  894.236954][T12691] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  894.256674][T12847] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  894.360188][T12691] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  894.573851][T12691] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  895.108953][T12623] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  895.148805][T12623] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  895.217200][T12623] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  895.279999][T12891] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2081'.
[  895.308883][T12623] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  895.442143][T12691] 8021q: adding VLAN 0 to HW filter on device bond0
[  895.548331][T12691] 8021q: adding VLAN 0 to HW filter on device team0
[  895.686580][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  895.693783][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  895.853882][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  895.861181][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  896.124434][T12623] 8021q: adding VLAN 0 to HW filter on device bond0
[  896.297747][T12623] 8021q: adding VLAN 0 to HW filter on device team0
[  896.416378][ T6013] bridge0: port 1(bridge_slave_0) entered blocking state
[  896.423604][ T6013] bridge0: port 1(bridge_slave_0) entered forwarding state
[  896.434918][ T6013] bridge0: port 2(bridge_slave_1) entered blocking state
[  896.442101][ T6013] bridge0: port 2(bridge_slave_1) entered forwarding state
[  896.846577][T12691] 8021q: adding VLAN 0 to HW filter on device batadv0
[  897.126490][T12623] 8021q: adding VLAN 0 to HW filter on device batadv0
[  897.145693][T12691] veth0_vlan: entered promiscuous mode
[  897.205017][T12691] veth1_vlan: entered promiscuous mode
[  897.346916][T12691] veth0_macvtap: entered promiscuous mode
[  897.436335][T12623] veth0_vlan: entered promiscuous mode
[  897.451125][T12623] veth1_vlan: entered promiscuous mode
[  897.928232][T12691] veth1_macvtap: entered promiscuous mode
[  898.162520][T12691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  898.219526][T12691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.229835][T12691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  898.240824][T12691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.250727][T12691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  898.261249][T12691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.271616][T12691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  898.310430][T12691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.340401][T12691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  898.403771][T12691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.444576][T12691] batman_adv: batadv0: Interface activated: batadv_slave_0
[  898.473244][T12946] loop3: detected capacity change from 0 to 512
[  898.573766][T12623] veth0_macvtap: entered promiscuous mode
[  898.590859][T12946] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  898.593085][T12623] veth1_macvtap: entered promiscuous mode
[  898.613417][T12953] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2091'.
[  898.637917][T12691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  898.641392][T12946] ext4 filesystem being mounted at /264/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  898.686151][T12691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.697467][T12691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  898.708476][T12691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.719999][T12691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  898.756243][T12691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.776498][T12691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  898.797337][T12691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.816290][T12691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  898.830060][T12955] loop4: detected capacity change from 0 to 128
[  898.837365][T12691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  898.858885][T12955] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  898.864000][T12691] batman_adv: batadv0: Interface activated: batadv_slave_1
[  898.916617][T12955] ext4 filesystem being mounted at /7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  899.048079][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.109361][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.150646][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.190401][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.224391][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.244290][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.444508][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.629923][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.730429][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.763459][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.794382][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.839262][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.905379][T12623] batman_adv: batadv0: Interface activated: batadv_slave_0
[  899.984599][T12691] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  900.018050][T12691] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  900.048736][T12691] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  900.097707][T12691] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  900.109110][T12532] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  900.139530][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  900.179808][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.229050][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  900.265698][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.304856][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  900.326512][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.363650][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  900.374461][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.384403][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  900.394941][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.404889][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  900.415851][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.427814][T12623] batman_adv: batadv0: Interface activated: batadv_slave_1
[  900.440060][T12623] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  900.449109][T12623] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  900.458206][T12623] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  900.467001][T12623] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  900.521192][ T9157] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  900.803252][ T2498] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.850490][ T2498] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  900.949192][ T2498] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.957645][ T2498] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  901.008434][ T2498] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  901.026560][ T2498] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  901.118090][ T2498] bridge_slave_1: left allmulticast mode
[  901.127670][ T2498] bridge_slave_1: left promiscuous mode
[  901.151536][ T2498] bridge0: port 2(bridge_slave_1) entered disabled state
[  901.184591][ T2498] bridge_slave_0: left allmulticast mode
[  901.202813][ T2498] bridge_slave_0: left promiscuous mode
[  901.225326][ T2498] bridge0: port 1(bridge_slave_0) entered disabled state
[  905.572191][ T2498] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  905.618514][ T2498] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  905.698617][ T2498] bond0 (unregistering): Released all slaves
[  905.785830][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  905.807104][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  905.852471][T13008] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2100'.
[  907.450829][T13049] loop1: detected capacity change from 0 to 40427
[  907.498872][T13049] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  907.520404][T13049] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  907.604238][T13049] F2FS-fs (loop1): Found nat_bits in checkpoint
[  907.742711][T13049] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  907.750587][T13049] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  907.878842][ T2498] hsr_slave_0: left promiscuous mode
[  907.895271][ T2498] hsr_slave_1: left promiscuous mode
[  907.918448][ T2498] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  907.993879][ T2498] batman_adv: batadv0: Removing interface: batadv_slave_0
[  908.082746][ T2498] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  908.123235][ T2498] batman_adv: batadv0: Removing interface: batadv_slave_1
[  908.945792][ T2498] veth1_macvtap: left promiscuous mode
[  908.991168][ T2498] veth0_macvtap: left promiscuous mode
[  908.997162][ T2498] veth1_vlan: left promiscuous mode
[  909.002652][ T2498] veth0_vlan: left promiscuous mode
[  911.001403][T13111] loop1: detected capacity change from 0 to 16
[  911.012515][T13111] erofs: (device loop1): mounted with root inode @ nid 36.
[  912.074883][T13113] loop4: detected capacity change from 0 to 512
[  912.161207][T13113] EXT4-fs (loop4): Test dummy encryption mode enabled
[  912.210885][ T5231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  912.216234][T13113] EXT4-fs error (device loop4): __ext4_iget:4952: inode #11: block 1: comm syz.4.2116: invalid block
[  912.238821][ T5231] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  912.248744][ T5231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  912.294328][ T5231] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  912.308043][T13113] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.2116: couldn't read orphan inode 11 (err -117)
[  912.322594][ T5231] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  912.331085][T13113] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  912.343700][ T5231] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  912.572251][T12532] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  913.042441][ T2498] team0 (unregistering): Port device team_slave_1 removed
[  913.155964][ T2498] team0 (unregistering): Port device team_slave_0 removed
[  913.755333][T13131] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2122'.
[  914.440496][ T5240] Bluetooth: hci1: command tx timeout
[  914.617826][T13137] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2125'.
[  915.117220][T13146] loop1: detected capacity change from 0 to 512
[  915.130501][T13146] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  915.171235][    T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  915.229940][T13146] EXT4-fs (loop1): 1 truncate cleaned up
[  915.256026][T13146] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  915.410825][    T9] usb 5-1: Using ep0 maxpacket: 16
[  915.433958][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  915.475713][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  915.524338][T13115] chnl_net:caif_netlink_parms(): no params data found
[  915.560608][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  916.417284][    T9] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  916.426536][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.439549][    T9] usb 5-1: config 0 descriptor??
[  916.580288][ T5240] Bluetooth: hci1: command tx timeout
[  916.706551][T13162] loop2: detected capacity change from 0 to 1024
[  916.717864][T13162] EXT4-fs: test_dummy_encryption requires encrypt feature
[  916.734481][ T9174] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  916.896190][    T9] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  916.903612][    T9] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  916.910985][    T9] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  916.919379][    T9] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  916.928101][    T9] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  916.936007][    T9] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  916.943759][    T9] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  916.951192][    T9] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  916.958461][    T9] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  916.965810][    T9] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  916.985532][    T9] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000D/input/input7
[  917.033865][    T9] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  917.131252][ T5231] Bluetooth: hci2: sending frame failed (-49)
[  917.139209][ T5240] Bluetooth: hci2: Opcode 0x1003 failed: -49
[  917.316159][T13175] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2135'.
[  917.354722][ T5309] usb 5-1: USB disconnect, device number 21
[  917.381194][T12981] bridge0: port 4(syz_tun) entered disabled state
[  917.818786][T12981] syz_tun (unregistering): left allmulticast mode
[  918.119077][T12981] syz_tun (unregistering): left promiscuous mode
[  918.183710][T12981] bridge0: port 4(syz_tun) entered disabled state
[  918.347251][T13184] BUG: unable to handle page fault for address: fffffbfffbc00000
[  918.355022][T13184] #PF: supervisor read access in kernel mode
[  918.360994][T13184] #PF: error_code(0x0000) - not-present page
[  918.366962][T13184] PGD 23ffe4067 P4D 23ffe4067 PUD 23ffe3067 PMD 0 
[  918.373498][T13184] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI
[  918.379587][T13184] CPU: 0 UID: 0 PID: 13184 Comm: syz.2.2136 Not tainted 6.12.0-rc1-next-20241002-syzkaller #0
[  918.389815][T13184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  918.399863][T13184] RIP: 0010:kasan_check_range+0x82/0x290
[  918.405529][T13184] Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
[  918.425653][T13184] RSP: 0018:ffffc90009ee7af8 EFLAGS: 00010286
[  918.431736][T13184] RAX: 0000000000000001 RBX: 1ffffffffbc00000 RCX: ffffffff81cf53cf
[  918.439702][T13184] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffde000000
[  918.447669][T13184] RBP: ffffffffffffffff R08: ffffffffde000003 R09: 1ffffffffbc00000
[  918.455635][T13184] R10: dffffc0000000000 R11: fffffbfffbc00000 R12: ffffffffde000000
[  918.463601][T13184] R13: 0000000000000004 R14: dffffc0000000001 R15: fffffbfffbc00001
[  918.471566][T13184] FS:  00007f636cdff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  918.480592][T13184] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  918.487174][T13184] CR2: fffffbfffbc00000 CR3: 0000000028cc4000 CR4: 00000000003526f0
[  918.495143][T13184] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  918.503129][T13184] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  918.511099][T13184] Call Trace:
[  918.514372][T13184]  <TASK>
[  918.517297][T13184]  ? __die_body+0x5f/0xb0
[  918.521652][T13184]  ? page_fault_oops+0x8e4/0xcc0
[  918.526620][T13184]  ? mntput_no_expire+0xc2/0x850
[  918.531584][T13184]  ? __pfx_page_fault_oops+0x10/0x10
[  918.536905][T13184]  ? apparmor_current_getsecid_subj+0xde/0x1b0
[  918.543072][T13184]  ? is_prefetch+0x4ed/0x780
[  918.547663][T13184]  ? __pfx_mntput_no_expire+0x10/0x10
[  918.553053][T13184]  ? __pfx_is_prefetch+0x10/0x10
[  918.558008][T13184]  ? terminate_walk+0x365/0x430
[  918.562879][T13184]  ? __bad_area_nosemaphore+0x118/0x770
[  918.568465][T13184]  ? __pfx___bad_area_nosemaphore+0x10/0x10
[  918.574371][T13184]  ? spurious_kernel_fault+0x119/0x5a0
[  918.579841][T13184]  ? exc_page_fault+0x5c8/0x8c0
[  918.584697][T13184]  ? asm_exc_page_fault+0x26/0x30
[  918.589728][T13184]  ? copy_from_kernel_nofault+0x6f/0x2f0
[  918.595379][T13184]  ? kasan_check_range+0x82/0x290
[  918.600418][T13184]  copy_from_kernel_nofault+0x6f/0x2f0
[  918.605904][T13184]  bpf_probe_read_compat+0x10f/0x180
[  918.611205][T13184]  ? bpf_trace_run3+0x24c/0x5a0
[  918.616060][T13184]  bpf_prog_19cf62d422e78662+0x43/0x45
[  918.621515][T13184]  bpf_trace_run3+0x33a/0x5a0
[  918.626197][T13184]  ? __pfx_bpf_trace_run3+0x10/0x10
[  918.631397][T13184]  ? __pfx_lock_release+0x10/0x10
[  918.636415][T13184]  ? do_sys_openat2+0x17a/0x1d0
[  918.641276][T13184]  ? rcu_read_lock_sched_held+0x8d/0x130
[  918.646997][T13184]  ? do_sys_openat2+0x17a/0x1d0
[  918.651849][T13184]  ? do_sys_openat2+0x17a/0x1d0
[  918.656723][T13184]  kmem_cache_free+0x355/0x420
[  918.661511][T13184]  do_sys_openat2+0x17a/0x1d0
[  918.666191][T13184]  ? __pfx_do_sys_openat2+0x10/0x10
[  918.671392][T13184]  __x64_sys_openat+0x247/0x2a0
[  918.676255][T13184]  ? __pfx___x64_sys_openat+0x10/0x10
[  918.681628][T13184]  ? do_syscall_64+0x100/0x230
[  918.686395][T13184]  ? do_syscall_64+0xb6/0x230
[  918.691096][T13184]  do_syscall_64+0xf3/0x230
[  918.695601][T13184]  ? clear_bhb_loop+0x35/0x90
[  918.700272][T13184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.706167][T13184] RIP: 0033:0x7f636d37dff9
[  918.710578][T13184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  918.730198][T13184] RSP: 002b:00007f636cdff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  918.738607][T13184] RAX: ffffffffffffffda RBX: 00007f636d535f80 RCX: 00007f636d37dff9
[  918.746574][T13184] RDX: 00000000001c1341 RSI: 0000000020000040 RDI: ffffffffffffff9c
[  918.754539][T13184] RBP: 00007f636d3f0296 R08: 0000000000000000 R09: 0000000000000000
[  918.762509][T13184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  918.770471][T13184] R13: 0000000000000000 R14: 00007f636d535f80 R15: 00007fff786c8648
[  918.778458][T13184]  </TASK>
[  918.781470][T13184] Modules linked in:
[  918.785369][T13184] CR2: fffffbfffbc00000
[  918.789531][T13184] ---[ end trace 0000000000000000 ]---
[  918.789571][    C1] BUG: unable to handle page fault for address: fffffbfffbc00000
[  918.795013][T13184] RIP: 0010:kasan_check_range+0x82/0x290
[  918.802721][    C1] #PF: supervisor read access in kernel mode
[  918.808334][T13184] Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
[  918.814303][    C1] #PF: error_code(0x0000) - not-present page
[  918.833898][T13184] RSP: 0018:ffffc90009ee7af8 EFLAGS: 00010286
[  918.839949][    C1] PGD 23ffe4067 P4D 23ffe4067 
[  918.846004][T13184] 
[  918.846014][T13184] RAX: 0000000000000001 RBX: 1ffffffffbc00000 RCX: ffffffff81cf53cf
[  918.850763][    C1] PUD 23ffe3067 
[  918.853072][T13184] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffde000000
[  918.861032][    C1] PMD 0 
[  918.864557][T13184] RBP: ffffffffffffffff R08: ffffffffde000003 R09: 1ffffffffbc00000
[  918.872514][    C1] 
[  918.872526][    C1] Oops: Oops: 0000 [#2] PREEMPT SMP KASAN PTI
[  918.875351][T13184] R10: dffffc0000000000 R11: fffffbfffbc00000 R12: ffffffffde000000
[  918.883490][    C1] CPU: 1 UID: 0 PID: 13180 Comm: syz.0.2138 Tainted: G      D            6.12.0-rc1-next-20241002-syzkaller #0
[  918.885799][T13184] R13: 0000000000000004 R14: dffffc0000000001 R15: fffffbfffbc00001
[  918.891853][    C1] Tainted: [D]=DIE
[  918.899802][T13184] FS:  00007f636cdff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  918.911490][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  918.919445][T13184] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  918.923151][    C1] RIP: 0010:kasan_check_range+0x82/0x290
[  918.932061][T13184] CR2: fffffbfffbc00000 CR3: 0000000028cc4000 CR4: 00000000003526f0
[  918.942106][    C1] Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
[  918.948792][T13184] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  918.954418][    C1] RSP: 0018:ffffc90000a18878 EFLAGS: 00010286
[  918.962377][T13184] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  918.981971][    C1] 
[  918.981982][    C1] RAX: 0000000000000001 RBX: 1ffffffffbc00000 RCX: ffffffff81cf53cf
[  918.989934][T13184] Kernel panic - not syncing: Fatal exception
[  920.130313][T13184] Shutting down cpus with NMI
[  920.160166][T13184] Kernel Offset: disabled
[  920.164513][T13184] Rebooting in 86400 seconds..